What would you do if someone stole something valuable and personal from you? What if, at the same time, they targeted your business and crippled your income? What if you also discovered that it happened because of a Gmail security hole that can affect any Gmail user?

That’s what has happened to me, and I’ll tell you all I know about the web pirates who are threatening my livelihood, and how to check Gmail to ensure it can’t happen to you.

On November 20th 2007 I left the UK to spend a month in India. I’d planned the break for about a year, and was looking forward to taking my girlfriend on our first foreign trip together. Before leaving, I published a brief post to say I’d be away and that the blog would be quiet in my absence. All my clients were informed, bills paid, etc., and off we went for an adventure.

We arrived in Mumbai on November 21st, and on the journey from the airport to the Colaba district I was punched in the face through the open window of my taxi, but that’s another story.

I’d not be checking email much during the next month — only to keep in touch with family. This was a break from work and computers.

Everything was fine until just a few days before we were to return to the UK. I was in a net cafe in Goa and read some worrying emails from friends. My website had disappeared and my domain name was redirecting to a site I’d never heard of — bebu.net.

I got anxious. What happened? The only thing I could think of was that somehow the domain name had expired without any notification or warning, and a poacher had snapped it up before I could renew.

My site had been attracting more than 2,000 unique daily visits. So not a massive amount. But for a one-man business, 700,000+ annual visitors can generate a decent amount of new clients.

So I ran a WHOIS check on the domain, hoping to find an email address for the new owner. The search yielded this email address: DAVIDAIREY.COM@domainsbyproxy.com and here’s the email I sent:

“Hello, please can I purchase my old domain name from you. It seems it expired without my knowledge. www.davidairey.com. Kind regards, David”

I found it hard to believe that I’d let my domain name expire, but thought it a good idea to send an email nonetheless.

On the very same day, I received a reply. It came from one supposed Peyam Irvani, telling me the following:

“Hello, please send me your high offer! Regards”

By this stage I’d had some back and forth email discussions with close friends, wondering what exactly could have happened. I also contacted my web host, ICDSoft, asking for help. They originally sold me the domain name. Shouldn’t they have informed me?

This is when I found a disturbing ticket in my web host support panel. It was supposedly from me, addressed to ICDSoft’s support team, and was created on November 20th, the exact date of my departure from the UK. It read:

“Subject: Davidairey.com Transfer

“Hello, I want to transfer davidairey.com to another registrar please unlock it and send me the EPP transfer code. Kind regards, David”

Within just one minute (ICDSoft’s support team are very fast) the following response had been supplied:

I immediately typed a reply asking what I could do to resolve the situation. Here’s what the support team said:

“Unfortunately, the domain name has been transferred successfully, and it cannot be reverted. The current registrar may be able to give you more information. The original ticket message was sent from this IP address: 207.36.162.100. The person who posted it must have had access to your email, too, because transfers have to be approved by the administrative contact in order to be successful.”

What? Not only did the hacker gain access to my web host control panel, but they also squirmed their way into my email account? This is when I began to get very worried. I kept a lot of personal emails behind my username and password, and this was a real invasion of privacy. For a few minutes I sat in the net café and didn’t know what to think.

I emailed GoDaddy, the registrar my domain had been illegally transferred to, and asked them to prevent any further transfers. I wanted the domain in one place while I investigated. GoDaddy said:

“Unfortunately if a transfer request is made and completed we will not be able to prevent this unless we receive the notice from a court or arbitration forum… I apologize for any inconvenience this may cause.”

Okay, so GoDaddy can’t help until the matter is taken to court.

This process ran over a few days of my holiday, as GoDaddy took over 48 hours to respond. At this point, on December 19th (four days after my first email to the thief ‘Peyam’), I thought I’d reply:

“Hello Peyam, well, congrats on your hack. I’d love to know how you did it.

“Before this moves through the courts, in order to settle the dispute, I don’t suppose you’d be so kind to give me my domain back? It’d really save me a lot of hassle, but if that’s what it takes, so be it.”

No point in being aggressive.

Again, that same day, I received a response:

“:)) Im sorry to say but its not possible to have it or it take about 1 month if you try hard to have it again :)) and you lose your visitor ….hahaha
“You can purchase it for 650 $ And we will use escrow sevices ;) that will done in less than 2 days!”

Now my domain name was being held to ransom and I was being taunted. What I had spent more than a year building into a sound marketing plan had been severed at the knees.

I’m not the type to give money to a criminal, so I didn’t reply, and focused on stopping the hacker from stealing anything else of mine.

How was I being hacked?

It details the exact Gmail hijack that I have just found applied to my own account, discovered while writing this post.

Here’s an excerpt:

“The victim visits a page while being logged into Gmail. Upon execution, the page performs a multipart/form-data POST to one of the Gmail interfaces and injects a filter into the victim’s filter list. In the example above, the attacker writes a filter, which simply looks for emails with attachments and forwards them to an email of their choice. This filter will automatically transfer all emails matching the rule. Keep in mind that future emails will be forwarded as well. The attack will remain present for as long as the victim has the filter within their filter list, even if the initial vulnerability, which was the cause of the injection, is fixed by Google.”

And here’s a three-step illustration of just how this threat works:

I took a look at the “filter” option in my own Gmail settings, and it turns out that you can easily set incoming emails containing specific words to be forwarded automatically. For example, if you want any emails containing the word password to be sent to another address, no problem. It also appears that the filter can delete the email from your Gmail inbox as soon as it has been forwarded, so you’d be none the wiser if a hacker was playing havoc with your incoming mail.

Important: If you use Gmail, it’s vital that you check your account settings now.

Here’s what to do:

When logged into Gmail, click on the “settings” tab in the upper right of the screen. Then check both the “filters” and the “forwarding and POP” sections for any forwarding rules or addresses you didn’t set up yourself. This is what I just found in my filters tab:

I have no idea whose email address that is, but it seems that some of my personal emails were bypassing my inbox entirely, instead being forwarded to the yahoo.com address.

The Gmail security issue is seemingly fixed (link removed due to expired domain — 09 April 2010), but that won’t remove any previously installed filters from your Gmail account.
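The check above can be done by eye in the filters tab; as an added example (not code from the original post), here is a small Python audit of an exported Gmail filter list that flags the pattern the excerpt describes: a rule that forwards matching mail elsewhere and trashes or archives the original so the inbox looks untouched. It assumes the export format Gmail produces from its filters settings (an Atom feed with apps:property elements); the sample feed and the addresses in it are constructed placeholders, not values from this post.

```python
"""Audit an exported Gmail filter list for rogue forwarding rules.

Added example, not from the original post. Assumes the filters were
exported from Gmail's filters settings as an Atom feed with one <entry>
per filter and the rule's criteria/actions expressed as
<apps:property name="..." value="..."/> elements.
"""
import xml.etree.ElementTree as ET

ATOM = "{http://www.w3.org/2005/Atom}"
APPS = "{http://schemas.google.com/apps/2006}"

# Constructed sample export: one benign labelling filter and one filter of
# the kind described in the post (matches attachments, forwards them to an
# outside address and trashes the original). Addresses are placeholders.
SAMPLE_EXPORT = """
<feed xmlns='http://www.w3.org/2005/Atom'
      xmlns:apps='http://schemas.google.com/apps/2006'>
  <title>Mail Filters</title>
  <entry>
    <category term='filter'></category>
    <title>Mail Filter</title>
    <id>tag:mail.google.com,2008:filter:0001</id>
    <apps:property name='from' value='newsletter@example.org'/>
    <apps:property name='label' value='Newsletters'/>
    <apps:property name='shouldArchive' value='true'/>
  </entry>
  <entry>
    <category term='filter'></category>
    <title>Mail Filter</title>
    <id>tag:mail.google.com,2008:filter:0002</id>
    <apps:property name='hasAttachment' value='true'/>
    <apps:property name='forwardTo' value='attacker-placeholder@example.net'/>
    <apps:property name='shouldTrash' value='true'/>
  </entry>
</feed>
"""

# Actions that hide a message from the inbox. A forward combined with one of
# these is exactly the "none the wiser" pattern from the post.
HIDE_ACTIONS = {"shouldTrash", "shouldArchive"}


def parse_filters(xml_text):
    """Return one {property_name: value} dict per filter entry.

    The entry's Atom <id> is stored under the reserved key "_id".
    """
    root = ET.fromstring(xml_text)
    filters = []
    for entry in root.findall(ATOM + "entry"):
        props = {}
        for prop in entry.findall(APPS + "property"):
            props[prop.get("name")] = prop.get("value")
        props["_id"] = entry.findtext(ATOM + "id", default="")
        filters.append(props)
    return filters


def audit_filters(filters, own_domains=()):
    """Flag filters that forward mail; rate those that also hide it higher.

    own_domains: domains the account owner controls (hypothetical
    allow-list); forwards to these are reported at low severity.
    Returns a list of (filter_id, severity, reason) tuples.
    """
    trusted = {d.lower() for d in own_domains}
    findings = []
    for f in filters:
        target = f.get("forwardTo")
        if not target:
            continue  # no forwarding action, nothing leaves the account
        hides = sorted(a for a in HIDE_ACTIONS if f.get(a) == "true")
        domain = target.rsplit("@", 1)[-1].lower()
        if domain in trusted:
            severity = "low"
        elif hides:
            severity = "high"  # forwarded AND removed from the inbox
        else:
            severity = "medium"
        reason = "forwards to " + target
        if hides:
            reason += " and " + "/".join(hides)
        findings.append((f["_id"], severity, reason))
    return findings


if __name__ == "__main__":
    for fid, sev, reason in audit_filters(parse_filters(SAMPLE_EXPORT)):
        print("[%s] %s: %s" % (sev.upper(), fid, reason))
```

The export covers filters only; the separate "forwarding and POP" setting still has to be checked by hand.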

What do I know about the thief?

I have the Gmail address, pay.irv@gmail.com, and what’s perhaps a fictitious name, Peyam Irvani.

There’s also the Yahoo address, ba_marame_pooli@yahoo.com, where my emails were being forwarded to through the rogue filter.

ICDSoft gave me the IP address from where the fraudulent support ticket originated (207.36.162.100), and it’s possible to search for its physical location using an online IP address locator. I gave that a shot, and according to IP Global Positioning, the IP is in the United States — Fort Lauderdale, Florida, to be precise, and the Internet Service Provider is Cybergate INC (based in Mississippi, USA).

I’m not sure how much this information can help me, if at all, but I thought it might be useful.

Then, a little unexpectedly, I received a third email from ‘Peyam’ on December 21st, saying:

“Helli David, we can use escrow and you can have your domain name again :)
Only for 250 $ !
Do you want it ?!
Its special christmas offer ! haha
I like to see you have that domain name again :) “

I don’t care if it costs two cents. I don’t pay thieves.

You might be wondering what I did to resurrect my website. You’re reading this post after all. Before the theft, I owned both davidairey.com and davidairey.co.uk, with the .co.uk permanently redirecting to the .com (I thought it made sense to use the .com as my main address because it’s easier to remember).

I’m now using the .co.uk domain as my main address. That means all my organic search results have been reset to zero. Whereas once I was on the first page of search results for graphic designer, I’m now nowhere.

It also means that the detail on my business cards is incorrect, and my email addresses too. So quite an expense, but I’d rather fight in the courts than give a penny to the person responsible.

Help with domain name disputes

This is the stage I’m at, weighing up options before it comes to paying legal fees. This is also where I’m calling on your valued help. I know that many of you are much more clued up on this than I am, and if you can spare some advice in the comments here I’d be very appreciative.

In my emails with GoDaddy (the company where my .com domain name is now registered), a representative said:

“Should we receive notice of a pending dispute from a court or arbitration forum, we will lock the domain name so it cannot be transferred or have the registrant information modified. Likewise, when we receive a decision from the legal body, we will update the domain name accordingly.”

From what I understand, the only option is to proceed with legal action (again, I’m not paying the thief one penny).

Do you know any different?

Do I have a good case to proceed with?

Is there any other information available online about the pirate who is blackmailing me?

If you can provide any of these answers, it would mean a lot.

Thank you

Thank you so much to those of you who kindly emailed me at the start of this situation: Vivien, Ben, Tammy, Armen, Dawud, Ed and Jamie. I know that more of you tried, but that I didn’t receive your emails because my accounts no longer existed.

Thank you also, to everyone who is lending their support in the comments of my previous blog post, David Airey.com hacked. Many of you have also published my news on your own blogs, and this really lifts my spirits, showing just how great the people in the blog world are:


619 responses

Morals aside, it’s business sense. Why don’t you buy the domain name at 600 USD or 250 USD or any other bargain you could strike? At least you’ll be back on the search page for graphic designer. Getting that with the UK will mean much more than 600 USD or 250 USD.

You may then take an expert opinion on how to initiate legal proceedings since this might take time.

Seems like this guy chose the wrong blogger to pick on. You deserve a lot of credit for sticking to your principles here, and I hope everything works out for you.

One other thing is that FeedBurner really saved your bacon here. Because your feed URL is on their domain, you won’t lose a single reader. It’s a shame about the search engines, but at least you know that the community you have built up isn’t going anywhere! :)

I think if I were in your shoes I would start by finding a lawyer that will simply write a letter to Cybergate detailing your story and the evidence you have and see if you can get any real evidence on him. Maybe you can incriminate him into giving up ;)

So sorry for all that you’ve had to experience. One thing I am sure of is that things have a way of coming back around. This hacker will get what he deserves. Well, my blog is new, but I’ve added you to my blogroll. I know it’s not much, but maybe the reciprocal link can help. Despite everything, I wish you’re able to enjoy the Holidays. Be safe.

First of all thanks for all the thought-provoking info on your situation.

Second, have you thought about just abandoning the .com address? I know you’ve worked so hard to build it up with respect to SEO etc, but a .co.uk address is not such a bad thing is it? I know in Canada that there are plenty of very large sites that use the .ca address and not .com. The .com address doesn’t have the cachet it may have once had. Would new customers necessarily assume it was YourName.com? All of your present and former clients could easily be informed of the mishap and advised accordingly anyway. The only problem is that the .com spam site remains. If only there were some way to get rid of that.

Another option might be to buy a different domain name entirely (not YourName.com .co.uk .biz.. etc.) and start anew. Build a new brand. Sometimes starting with a clean slate and more experience can pay off in other ways.

Tough call to make any smart decision here. I do agree with your stance on not paying the crook. It’s not like he’s going to have a lot of other takers on that offer anyway. It is tough just to know its out there though. Would be nice if there was a way to shut him down that wasn’t a costly legal avenue.

I’m thinking of Mel Gibson’s press conference where he basically tells the hostage takers to take a flying leap. Send this guy an email and colourfully let him know he’s off your radar. hehe.

Good luck with your hunt – you are definitely taking the right approach by not ‘buying’ your domain back off this guy. There is the chance this technique has already worked for him, by some sucker falling for it, and now he’s trying it again, and may be again and again . . .

Stay with it.

If the word spreads, perhaps no one will buy the domain if it comes on the market and he will have a (to him) useless domain on his hands . . . .

Abandoning the .com address is one option. Like you point out, there’s always the fact that it’s still out there, but it’s reasonable to assume I could get it terminated?

At present, my domain could be a lot worse, and I’m relatively happy with davidairey.co.uk.

Also, I had time to think things through when on holiday, and set about my plan of action for a new logo design-specific website. I’ve mentioned it before on this blog, but didn’t take many steps to put it into action. Now I have a sketched plan of the site components, with plenty of ideas for content, so it’s just a matter of sitting down and starting afresh.

You know, I think Mel Gibson crossed my mind at one point too! Thanks for your take on the matter.

Shaun,

That’s great of you to add me to your distinguished blogroll. Thanks very much for your generosity.

I’ve changed my link and written you a little note on my blog. Much sympathies, and my two cents on the matter – if you can find the actual live human who hacked, sue. I may not be entirely American, but I’ve picked up on the litigiousness of the culture… certainly if you can afford the legal fees, go for it. At the very least, go for a consultation. I think in order to get anything, you have to show that you’ve incurred quantifiable damages – reprinting cards, time, and especially loss of present and/or future clients.

I’m sorry to know that you’re going through these troubles. Just a few weeks(?) ago, BittBox got defaced. This is insane.

I just hope that you’re able to track the cracker. The IP and email addresses are hardly going to help ’cause most of the time, these evil types use IP encapsulation and such other methods to confuse webmasters. Did you contact the Gmail support? Maybe they can collect more details about the person who did this? I read the article posted by pdp back in September and have been alert since then.

If you decide to ditch the .com site and just stick with .co.uk, you might be able to get some sites to change their links to point to your .co.uk site (so you get to keep a little of the link love).

I had a look around and found a WordPress plugin called Search and Replace WordPress Plugin, which offers search and replace across all posts on a site, including content, comments, comment author. I haven’t tested it, but in theory it could search for davidairey.com and replace it with davidairey.co.uk.

The negatives: a) it was last updated in Jan 2006, so we’d need to check if it works on WordPress 2.3; b) it’s only for WordPress (but you have a lot of fans out there using WordPress, who may be willing to run this for you); c) people would be changing the DB directly with no way to undo it, so it’s a little risky (backup needed first!).

Anyway, I hope it doesn’t come to that and you can get the .com domain back. Best of luck!

Glad you agree with my stance on the purchase. People like this need to realise that we won’t be held to ransom.

Scott,

I think the domain was due to expire in 2009, so I’ve a while yet, but it’s a good suggestion all the same.

Renata,

Thanks very much for posting about my situation, and for your suggestions on what to do next. I appreciate the time you’ve taken.

Hi Tina,

You’re very welcome. I felt it appropriate to warn my readers of this, as it could easily happen to one of them. Fighting fire with fire is a thought, but I don’t know any hackers. Probably a good thing too, as if they’re all like this one I don’t value their morals.

Where would we be without friends? A colleague of mine said that earlier, and it’s so fitting.

Have a great holiday too!

Avinash,

I’d missed the Bittbox defacing what with being abroad. Was it something similar? I get your point about the IP and email address. I didn’t think they’d help but wanted to document everything I know in one post. Perhaps this post will be of use in any future legal proceedings.

I haven’t contacted GMail support, but will do so now. Cheers buddy.

Stephen,

Thanks for your thoughts, and for the ‘search and replace’ suggestion. Sounds like it’s a risky one, and I’d not expect anyone to test it on my behalf. Still, it’s a nice thought, and I appreciate your well-wishes.

Lisa,

Glad to write something of use for you, and I notice you commented on Wendy’s blog too. She’s a great person eh?

The site is parked on Sedo, so they should know who collects the money generated by the website; I think contacting Sedo will help to track the hacker. Also the domain registrar will be able to tell who registered the domain. I think ICANN has some rules that require all domain owners to have a proper address in the WHOIS database.

David, how about sending another email to the hacker and telling him where you stand: that you won’t pay him a penny, because you don’t pay criminals, but that he has a choice:
either return the domain to you of his own good will, and you’ll forgive him and close the case,
or you’ll proceed with the court and get your domain back anyway.
Let him realize that he won’t get a better deal out of it – nobody will buy your domain (if you don’t pay this guy, why should you pay other criminals), so what is he going to do with that domain? It will just sit there until you get it back via court.

GOOD LUCK!!!!! Thanks for keeping us up to date, for all the useful info – keep us posted.

Now that that’s out of my blood, the second thing I want to say is that I am not surprised one bit you tracked back through a city in Florida. I don’t know what it is about that state, but every time I investigate a spammer it leads to or through that state.

Of course the main reason this guy did this is financial. Aside from the ransom he’s trying to extort from you, there’s sufficient traffic to make some money on a parking page. If Sedo won’t help you shut the guy down, kill his account by setting up a simple macro to spam click the ads. His account will be banned and lose all money.

One last thing, I updated the links on my site I had pointing to the dot com domain.

Keep us updated, I am very keen on hearing how this issue is resolved. You might consider a donation fund to pay for legal expenses, I’m sure the blogging community would pitch in a dollar to fight the good fight.

No, BittBox was compromised ’cause of a WordPress plugin. I myself checked his blog feed after two months ’cause of staying busy doing other works. And just a few hours later, I read your message @ my MyBlogLog profile.

Back in October, even my blog faced a serious attack. Fortunately I was able to control the situation. Anyway, I wish you get your domain back soon ’cause I’ve seen you working hard to promote your blog.

David, kudos to you for standing by your principles. Fact of the matter is, the domain name is worth zilch without YOU behind it. So, in a way, you are correct, it is not worth the while to pay money to get it back. At the same time, paying opens a whole new can of worms. You should see some of the really weird domain names in China. Nevertheless, they garner huge followings and have a lot of revenues.

Guess what I am trying to say is – David Airey is still David Airey whether it is a .com, a .co.uk or a dot-whatever. We all know where to find you. :)

Just a thought…
Have you contacted the police department in Ft. Lauderdale? Maybe they would be interested in pursuing this as a criminal as opposed to civil matter, and that way it would not cost you anything. You may at least get the satisfaction of rattling his cage. I would think that since he broke into your account to get the domain, it is a little more criminal than domain squatting.

I always felt a little old school-ish for not using Gmail as much, no regrets now. One thing to note though, when you use less than a complete URI, your RSS/Atom feeds might not be able to provide a click through to the correct URI since the mail URL will be missing (I might be wrong, but do check).

I hope you get this damn thing figured out and kick the hackers a*$^. Happy Holidays David!

David – thanks for keeping us all informed with what happened so we can all learn from it.

I’m gutted for you, and the guy that did it – who may well be reading this – is a class A w@nker!

I think you should settle on the fact that he’s done you – but take comfort in that davidairey.com is worth nothing to anyone other than you. In my opinion it’s not worth the legal fees and this con artist isn’t going to hold on to what is to him a worthless domain.

What has made your blog so successful is the quality of your writing and your attitude, and no one can take that from you – so keep at it and even if you’re now stuck with .co.uk – it won’t matter to any of us.

Ow, David. I feel for you. First, the Google penalty (but at least you got your SERP back) and now this.

Even *if* you lose your .com, at least you got this out in the community, creating a buzz to rebuild and we will follow *you*. Without the man behind the blog, the .com site is a shell. Your .com site is “too hot” to unload now.

There are two kinds of hackers–criminals like the person who stole your domain, and “Ethical Hackers”, who don’t break the law. The suggestion that you hire a hacker to take your domain name back by force is very bad advice–if you did that you would become a criminal too. And since the hacker you hired would be doing illegal things, it would not be wise to trust that person.

I applaud your decisions to take the moral high road, refusing to pay ransom money, and also refusing to strike back by illegal means. It is often frustrating to be ethical and use the slow, imperfect legal system, but illegal shortcuts just make more trouble in the long run.

I just stumbled upon this story and am intrigued by your plight. On the one hand, I think it’s admirable that you are sticking to your principles, but on the other, it’s foolish business sense for someone who earns a living through your website.

Some of the suggestions that I have seen such as building the profile of the .co.uk domain are possible. But they can be time-consuming and expensive. I’m not quite sure what your target market is, but if you’re trying to appeal to global audience then having a .com domain is crucial (in fact, there’s little harm in snapping up other TLD’s too).

Over the holiday period, it will be difficult to have this matter resolved in a prompt and satisfactory manner through legal channels. I think the best action for you is to email the hacker with a new offer of something around $100 with the threat of legal action if they don’t comply. I’m assuming the hacker will want a quick resolution without legal action. Hopefully the $100 will be sufficient enough to entice them to transfer it back to you.

If you think that the process of getting them to transfer the domain to you through legal/diplomatic means will cost more than the £60 it might cost you to pay him off, then you are making a poor business decision.

As I first said, your principles are admirable, but principles are meaningless to someone who’s losing money by the hour!

I wish you the best of luck in getting your domain back and I hope it goes smoothly. I’ll help your cause by stumbling and checking back regularly.

I was shocked to hear this when I got an email from you while this was happening, and I’m sorry you have to go through all of this.

I do hope you get your domain back, and I agree with you on not paying this bastard a dime!

As a hosting/domain company, I think domains should offer more protection than just an EPP authorization key; something like a personal question should be asked, similar to how banks ask you like three questions:

-What is your mother’s maiden name?
-What city were you born in?
-What was your first car?

Even custom questions that you make up. Those questions should be asked before a domain could be moved out (along with the EPP key), and maybe it could be an extra fee one pays per year with their domain, because I would surely use it and no doubt others would too.

I can’t blame ICDSoft though, they got a support ticket and sent out the email. But as a host, I’m seriously considering adding some sort of feature that would let us ask a variety of “personal” questions to safeguard a domain in case someone did gain access to your email, because you would have to know that person pretty well to answer questions like that.

The compromise level rests on the host now, as only they would have the questions/answers on their end (it wouldn’t be something you would store in an email, just as you wouldn’t store the answer to something you know very well, like your birthday or mom’s maiden name). Keep it internal, off the public network, encrypted, etc., just as credit card information is treated.

Again, sorry to hear about all this, I couldn’t offer much help when we were emailing back and forth because that is, unfortunately, the nature of domains.

Best of luck to you with this issue, I know you’ll get your domain back eventually :)

Find out how the RIAA takes people to court for stealing music. They seem to know how to sue people, starting with only an IP address. And once you win your case and find out who he really is, then file a civil suit to get compensation for your legal expenses, emotional distress, and of course, your financial losses due to the site being down. This jerk’s arrogance makes me sick. I hope you pursue this to the end and catch him. I guess it could be a her =) I’m sure if you setup a paypal link for donations, you’d get plenty of help for your legal fees.

Actually, there is only one type of hacker; a hacker is a person who digs into something out of curiosity and to learn about it.

There are, however, two types of CRACKERS, ethical crackers (aka, white-hat crackers) and criminal crackers (aka, black-hat crackers). Minor distinction, but it makes a lot of difference (though in the eyes of the media and most people, hacking /is/ cracking… *le sigh*)

Anyway, I set up a little macro to click every link 100 times every 5 seconds (just about the most my connection could bear). I think the macro got through about 3-4 minutes before the davidairey.com site stopped responding. I probably just got blocked, but if it does come back up, I’ll start the macro up again to try and FUBAR the person’s chance at making any money off the site.

I hate crackers just as much as the next person; they give hackers (real hackers, people who just want to tinker and learn) a very, very bad name.

I hope you get your .com site back, and I hope the thief in question gets reamed for it.

People like that are scum and give all hackers a bad name, but try contacting Cybergate, his ISP. They may be able to give you information. Take him to court; he has to pay all expenses as restitution, and since you got those emails from him for blackmail and a confession linked to his IP address, he has no case. Good luck, hope it works out for ya!!

You don’t have to go to WIPO, you can go to the police. This isn’t a civil case of domain dispute, but a criminal case of identity theft, electronic fraud, invasion of privacy, circumvention of encryption…

Once you’ve brought the criminal case, you can bring a civil case against this guy, recoup your losses, and send a message to other Creationists who might try the same thing in the future.

I would try to file a complaint with Sedo’s domain parking as well. They seem to be the ones now providing the content for the website. Also, your domain name or website wasn’t trademarked in any way, was it? If so, you most likely have a stronger case. What the new holder is doing has a tech name: it’s called cybersquatting. Searching for info on that may get you a little further. There is a federal law passed in 1999 to combat this problem. This article may help, as it provides some background to the problem.

I usually skim blogs as I read them. I actually went through and read everything. I can’t believe this happened to you. What a bastard! It would be nice if you could hack into Peyam’s email and phish it back ;)

I have a similar situation that happened to me and I am still trying to figure out what to do. I hope that someday we can figure out how to secure some of the most important things that we use every day and stop letting these idiots mess with our hard work.

I took the liberty of submitting the information you found, both email addresses and the IP, to /b/ of 4chan. We can expect that, with any luck, thousands of /b/tards will be gleefully raping said hacker within minutes.

Pay the money, in the process of paying the money, you’ll have an account (and possibly name) that can be directly linked to him. Once you’ve got the domain back you can file charges for extortion, theft, blackmail, and/or any number of other charges. Plus (since I’m sure you’ll keep the receipt) proof of what was paid so you’re likely to get everything you’ve paid plus legal fees and travel (if it has to be filed in the US ) so you could actually come out with little to no loss.

Morals are interesting for they create barriers of belief that limit action and limit vision. Action: get your domain back. Vision: where and who is your real enemy?

The courts charging such high fees makes them the real criminal, not the hacker. Yeah, the hacker kicked your behind, but the courts are about to crush your skull. Take your beating and click home (pay the hacker).

Besides, the hacker, ultimately, is on your side–he’s a computer guy too. The courts are not. He’s a little boy playing computer; the courts, fat fascists. He’s (or she’s) smart too; courts are bullies. Some kind of bravery it takes to do what he did; it takes no bravery nor inner strength to charge $1500 to pretend to help.

And man, did you learn a lot?!

Pay the kid, at least make a little offer. Furthermore, maybe you can find a way, through domain location, to kick his buttocks (metaphorically?). Don’t let some fools do it for you.

Have you tried just redirecting your domain name back? A lot of people who register their domains with GoDaddy don’t venture into the settings, and domains aren’t locked by default, therefore if he hasn’t locked it down, it should be possible (legitimately) to just take the domain name back.

I can’t remember the details of how to go about it, but I’m sure there’s a howto somewhere on the interpipes.

Me, I check all my settings on most of my apps and services regularly (including GMail), but that’s because I’m a tinkerer, and most people aren’t.

I would go ahead with the legal battle (provided you have a fairly good chance of winning) and set up a donation link. I’m sure with the amount of visitors you have you’d be able to generate a fair amount, even if every person only donated a dollar.

Then, as thanks for the donations, you can keep us updated on how the legal battle goes and hopefully, announce your success and name the perpetrator, who should be shamed by the whole internet!

Wow… I’m so glad that you posted this and added it to Stumble, as I’m assuming that it was you from the screenshots. I, as well as several of my friends, use Gmail, and some of them run their own websites. I’m so gonna pass this site on to them.

David~ If you can see my email, please let me know as this updates. I really wanna hear if you come out on top.

Hi Dave,
I don’t normally respond to blog posts, but this is a real eye opener. I immediately checked my gmail account for filters / forwarding etc, and found I was safe. One thing to note though: there’s absolutely no guarantee that even if you pay this scumbag for your domain back that he’ll even give it to you, so taking the moral high ground is also the safest way to go.

As people have said, this isn’t a civil dispute, it’s a criminal case: your domain name has been stolen; after all, you bought and paid for it until 2009. A domain dispute generally applies to someone purchasing a domain registered to a company or trademark to take advantage of traffic. Your domain, which could also be defined as your online ‘identity’, has been stolen; there’s nothing to stop him putting something derogatory on that domain now and discrediting your name, throwing off potential new customers, with a potential loss of revenue as people visiting via a word of mouth approach will no longer hit your website.

I know how it must feel, but if that domain actually brings you money, I think you should pay up. Of course, bargain down to $100, which is just fine for him, and that’ll be it. Everything else is bound to cost you much, much more, but more importantly, if you really care about it you’ll just get very stressed and it may act out on the rest of your life.

Of course, you can just forget about the domain :(

And third option, which I really, really doubt will work, start a petition on some online petitioning site. Since StumbleUpon now links to this blog entry you are bound to have many many signatures :) But then again, petition sites are no authority and GoDaddy will ignore that.

And of course, I doubt that anyone can hack him. It would be best to find him and beat the crap out of him, but from his English, which is not very good (just like mine), I see he’s not American. He’s just using a proxy…

Although I admire you sticking to your convictions so sternly, I think it’s acceptable to admit when you’ve been beaten and pay the ‘hacker’ (I use this term VERY loosely), as long as you can find some way to be sure paying him will get your domain back. Not to mention, I don’t know anything about the type of money transfer the ‘hacker’ is suggesting, but it would seem if you send him money you would have a way to track him? I would want to find this guy just to punch him in the face.

David, I am truly sorry for your loss of that domain.
Domain hijacking is very tough to do, but see, this is why I would use my own email server or a friend’s.
I dabble here and there (some would say I do more), but if there is anything you do need and/or anything I can do for you, feel free to email me.
I know it’s a random person on the internet with an alias, but honestly I will help you all I can.
Thoughts may be running through your head like ‘Can I trust this person?’, ‘Maybe I could give it a shot’, etc. etc.
As well as my knowledge, I have ‘friends’ who would gladly help out just for the fun and experience of this.
If you are going to take it to the courts, eh, I wouldn’t do it until all attempts to regain the domain were exhausted.
You’re lucky the person who took the domain never put whois protection from GoDaddy.com on it; maybe it was just to extort you anyways.
I’m glad you won’t pay for the domain to be back in your possession.
Anyways, like I said, for any help come and email me (I’m fairly sure you can see my email, being as it is your blog post.)
I found this through StumbleUpon and am definitely considering reading more into this and you.
This piqued an interest; thanks for the read.

Oh, I would also like to point a few things out on some posts.
Y’arr, you are incorrect. If you would like to know the correct terminology you can email me. (Is it safe for me to post it?) Liquid369@gmail.com
OO, your taunts fail; he hasn’t fallen to any yet, so what makes you think he will? David looks to have plenty of pride; it won’t work.
@Everyone.. Bringing the case to court: many cyber crimes are hard to convict someone of, so try to look out for that, although cyber law is becoming more and more intricate and severe.
It would not be in David’s best interests to invest that much money into the court system even if he has a strong case. (Keep those emails, David; they are useful, but I am sure you know this.)
Anyways, lost my train of thought; someone interrupted me during my time writing this :x

David, sorry to hear about the bad luck with gmail and the domain. I would suggest getting ahold of ICANN and informing them that you did not initiate the domain transfer; also contact the company you originally registered the domain through and ask them to check the email headers of the email asking to transfer the domain, as your address was probably spoofed since the hacker didn’t have direct access to your email account. I also second the people saying you should go to the police with extortion charges; there are several federal offences wrapped up in this if the person is indeed a US citizen.

I see that no one has suggested filing a complaint with http://www.econsumer.gov. This is a website suggested by the FTC (Federal Trade Commission) for cross-border e-commerce complaints.
You can also file complaints with the FTC and FBI here in the US since your site was hijacked by an American. Just remember if he has done this to you then he has done this to many more people that are less than vocal about it.

I’d pay the guy and get your domain back first. Business is business after all.

Going through the domain retrieval bit will cost you a bomb and take so long your domain will have lost its value. It’s all very well to have principles, but not if they cost you so much they put you out of business.

There is also the possibility of suing afterwards, but that would cost a bomb as well. I would contact the US police and see if you can get the guy incarcerated.

Somebody must have a link to the US equivalent of the Fraud Squad…

If I paid £150 and the perp got 2 years hard labour I know who I would feel had won!

I do agree with the other commentators who mentioned that it’s better business-wise to just repurchase your domain, but I’m really amazed that you would stand by your principle that you won’t give this kid anything. That is a very strong lesson for us all, and I’m really grateful for what you did.

I am pretty damn sure there will be a lot of people who will help you in this matter. And I have a strong feeling that in the end you will emerge victorious and your business will flourish even more than before this thing happened!

That SUX!!!
I am a ‘super moderator’ over at webdeveloper.com and there is a post in one of the forums regarding something very similar to this one. I’m going to share this story & URL to it, with them. Your story & advice might be of some help to them.

Offer to pay the hacker, get an address to send a check, or at least a paypal account or something that you can track back to an address, then hire someone in Florida to break his hands, wait 10-11 months for the domain to expire, and then register it.

Well maybe not the break his hands part, but you should play along and try to get as much information out of him as you can, could be handy if you decide to continue the legal route.

Is there a way that we could start a petition in regards to GoDaddy, ICDsoft and/or Google? If enough people get in an uproar about this, someone has got to pay attention. Even if the media gets involved.

It’s not even my site and I’m pissed off. I will be checking back to see how this goes.

I consulted on a case where the client was seeking whois info for someone who had a domain name registered with godaddy and was using godaddy’s whois cloaking feature and was also uncooperative when informed of illegal activities. The case was turned over to the FBI. The FBI is quite capable of determining who is paying for the domain service at godaddy.

I’m new to the site. I just got here through Stumbleupon. I think it’s terrible that this happened to you. I would suggest perhaps, since this was a bug in Google’s system, that you contact someone over there and see what information/advice they could give you about this situation. I understand that they have nothing to do with this hacker, and no way to give you your domain back, but hey, it wouldn’t hurt to give it a shot. Maybe they have a log of activities that might show when that filter was added. If you haven’t cleared your history, perhaps you could re-examine it and find out what website you were at. This is just a guess on my part, I don’t know if they even keep track of that, but I haven’t seen anyone else suggest it, and it might work. I’m sorry about your pagerank, but you’ll get it back soon enough, and with your site on Stumble now, you won’t lack for new readers.

man, what a way to celebrate Christmas. :X David, I was thinking: why not write to Google, and CC your letter to Matt Cutts? I don’t mean a letter deriding them for the security hole but one that simply explains what happened to you, along with all the evidence, including the hacker’s IP address. Then tell them that you have been a dedicated user of Gmail and many of their services and would really appreciate any help they could provide on your behalf. This is an excellent opportunity for Google to demonstrate some goodwill towards bloggers especially in light of the latest pagerank fiasco, and with their resources, you never know. It couldn’t hurt to try, but I stress again that the letter should be civil and should indicate that you hold no ill-will towards Google, but that you would welcome any guidance or help on their part. Good luck!

Oh, one additional thing: I would also write a similar letter to Affinity (Hostway) http://www.affinity.com/ and explain the situation to them, since they own the IP block that contains the particular IP address this hacker used. There’s no way to know whether he’s actually a legitimate user of their service, or whether he used one of their servers as a proxy, but they would certainly be in the best position to investigate and maybe come a little closer to finding out who this f__ *ahem* I mean… perpetrator is. :-P

I stumbled upon this article just now and I must say, I’m appalled. This is ridiculous and I am so sorry. I just checked my gmail filters and thank goodness, they’re okay. Most of my other important emails go through my mac account which I don’t give out.

Good luck with this, I hope you don’t have to go through court. Dave (commenter) is right. Call the cops. This isn’t a civil matter, this is criminal.

I definitely don’t agree with those who say you should just pay the person. Yes, it’s easier, but it lets him get away with this and he won’t stop here.

It’s a shame that this has been done to you. Good luck to you, and I KNOW everything will turn out okay. As someone else said, I think your business will do far better AFTER this huge ordeal than before.

Your story is a lesson to me too. I would have paid, moaned and moved on with life and letting the creep carry on with his deeds, stronger and fueled by my ransom payment.

Having said that, my two cents’ worth is to pay him and get your domain back. The sooner the better. This should not weaken your legal action plans or any other efforts you will make to shut him down.

I hope you do not find my two paragraphs above contradictory. I am advocating a practical approach… paying a ransom… but then not forgetting about it and letting the slime ball carry on.

I suspect I am missing the ‘principal principle’ point here but thought I should still share my thoughts with you anyway, maybe it will be a little comfort for you to know that people all over the world are rooting for you.

After reading this I checked my filters on GMail. Nothing there. But I set up one myself:

Matches: Forward to
Do this: Skip Inbox, Delete it

In other words, any email that comes in with the words “Forward to” will be automatically deleted. You might lose a few emails this way, but at least you will not run the risk of having this happen to you.
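The comment above describes a one-off filter you add by hand, but the underlying problem is that a filter you did not create can sit in your settings unnoticed. Gmail can export all filters as an XML file (Settings, Filters), and that file can be audited. The script below is an added example, not code from the post or from any commenter: it parses such an export and flags every filter that forwards mail or moves it out of sight. The property names used (hasTheWord, forwardTo, shouldTrash, shouldArchive, shouldMarkAsRead) are an assumption about the export format, and the sample feed is constructed.

```python
"""Audit an exported Gmail filter list for rules that forward or hide mail.

Added example; not code from the post or from any commenter. The property
names below are an assumption about Gmail's filter export format, and the
sample feed is constructed.
"""
import xml.etree.ElementTree as ET

ATOM = "{http://www.w3.org/2005/Atom}"
APPS = "{http://schemas.google.com/apps/2006}"

# Filter actions that send mail to a third party or move it out of the
# owner's sight. Any filter carrying one of these deserves a look.
SUSPICIOUS = {"forwardTo", "shouldTrash", "shouldArchive", "shouldMarkAsRead"}

# Constructed sample export: one harmless labelling rule, and one rule of the
# kind described in the post that forwards transfer-related mail to an
# outside address and then bins it so the owner never sees it.
SAMPLE_EXPORT = """<feed xmlns='http://www.w3.org/2005/Atom'
      xmlns:apps='http://schemas.google.com/apps/2006'>
  <entry>
    <category term='filter'/>
    <title>Mail Filter</title>
    <apps:property name='from' value='newsletter@example.com'/>
    <apps:property name='label' value='Newsletters'/>
  </entry>
  <entry>
    <category term='filter'/>
    <title>Mail Filter</title>
    <apps:property name='hasTheWord' value='password OR transfer OR domain'/>
    <apps:property name='forwardTo' value='attacker@example.net'/>
    <apps:property name='shouldTrash' value='true'/>
    <apps:property name='shouldMarkAsRead' value='true'/>
  </entry>
</feed>
"""


def parse_filters(xml_text):
    """Return one dict of property name -> value per filter entry."""
    root = ET.fromstring(xml_text)
    return [
        {p.get("name"): p.get("value") for p in entry.iter(APPS + "property")}
        for entry in root.iter(ATOM + "entry")
    ]


def audit_filters(xml_text, owned_domains=()):
    """List every filter whose actions forward or hide mail.

    owned_domains: domains whose addresses count as internal; a forwardTo
    target anywhere else is flagged as an external forward.
    """
    findings = []
    for number, props in enumerate(parse_filters(xml_text), start=1):
        actions = sorted(name for name in props if name in SUSPICIOUS)
        if not actions:
            continue
        target = props.get("forwardTo")
        external = bool(target) and not any(
            target.lower().endswith("@" + d.lower()) for d in owned_domains
        )
        findings.append({
            "filter": number,
            "criteria": {k: v for k, v in props.items() if k not in SUSPICIOUS},
            "actions": actions,
            "forward_to": target,
            "external_forward": external,
        })
    return findings


if __name__ == "__main__":
    # For a real export, pass the file contents instead of SAMPLE_EXPORT.
    for finding in audit_filters(SAMPLE_EXPORT, owned_domains=("mycompany.example",)):
        print(finding)
```

Run against the constructed feed it reports only the second filter, with its criteria, its three hiding actions and the external forwarding address. Forwarding addresses and POP/IMAP access set in Settings are not part of the filter export, so check those separately.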

I didn’t read alllll the comments. You have a lot of support here! :) But I think Google wouldn’t mind taking a chunk out of this guy as well. Maybe they would perform the good deed of sending some of their high powered lawyers after the guy. Sure they need to tip toe around their perceived liability in the case, but going after this kind of hacker would earn them a lot of good will.

You spend a lot of energy and money on your business (cards, website, etc.) and then base it all on a free e-mail address without any contractual obligations to you? It would seem like there is a lesson to learn in here somewhere. I’d say calculate what the domain is worth to you and get it back if there is a clear cut case it’s worth it. Otherwise just leave it. These things happen, just make sure it doesn’t again. There are worse things to worry about.

I am really sorry to hear this. It’s a loss and I can understand really. I almost lost my blog to a server crash, and I had to work round the clock for 4 days to get things back to normal. So I know what you are going through.

But what happened to you is more frightening. Loss of domain is like somebody taking away your home, and holding you at ransom to get it back.

The guy who did this, has no idea how much work you had to put in in order to reach to this level. I pray such thing does not happen to anyone else. You have written a very informative post and helped us realize that this could happen to anyone of us and we need to be more careful.

Thank you for making us more aware, and please, rest assured, the blogging community has your back. I don’t have a very popular blog but I would help in any way possible. Please let me know if I can do anything at all.

So, is this an issue with Forwarding Mail to an IMAP or leaving a POP mail forward in place, and then having it hijacked (because this was turned ON) or is this truly a security risk? In other words, if you had forwarding turned off, and filter turned off, could this ‘hack’ have occurred? Or was it due to these options being turned ON, and if so, how is it that this person was able to get to YOUR mail specifically? I empathize with your plight, but your statement that there is a ‘flaw’ in gmail is a bit misleading if in fact the flaw was in how you established forwarding or in how this cracker got to YOUR email.
Have to be honest in that I thought this was an article on issues with Gmail, not some hijacked domain.

Look man, I know you make your life on the web, and I’m sorry that you were hacked, but come on. This Gmail hack has been KNOWN for quite some time. People still use Gmail because it’s FREE, as in you don’t pay for it. The saying that you get what you pay for is very true here.

The flaw is Google’s issue, it does reflect on them and their reliability, but you using Google reflects poorly on you. If you are worried about your email security why didn’t you use the email address and account provided by your domain host?… Sure it may cost a bit every month, but would this have happened?

Don’t want to shell out cash every month?… Pick up an E-Machine and set it on the floor next to your desk. Purchase an Outlook email server or go open source.

The fact is you left yourself open to this by not researching the tools that you were using. Another fact is that there will ALWAYS be security holes in anything that you use. If you feel nervous about this then you should move your email to a place that you can physically control, and that way you can make sure that all the patches provided by the vendor are applied.

Again I am truly sorry that this happened to you, but don’t blame Gmail. Google was just offering a FREE service intended for personal use, not business transactions. You run a business, so spend the capital to protect your investment. You may even find that it’s a tax write-off (please see your local tax authority regarding tax write-offs).

What if he has used a buggy computer with lots of ports open as a proxy from somewhere else?
Root cause was the vulnerability of GMail… try bugging Google about this and give a criminal complaint to the police, and they may churn out some information about that GMail account and deal with GoDaddy.

Even if you are unable to get the domain, at least the system(police, ISP etc.) will be enlightened about these sort of crimes and they will be cautious in the future.

Pay the money and get your domain back. This is the cheapest it will ever be.

Look at it only through the lens of the present. Buying a domain name highly relevant to you with great organic search position is $250. No-brainer.

Plus, if you pay then you have one more lead on the criminal. The escrow service has to have a way to pay him, and the courts (ha.. sending the courts to chase a $250 crime) will have one more record to subpoena.

Well, I’d do this a little differently, but it’s a matter of getting your hands dirty – I would schedule reflective DOS attacks on your former URL and any other IPs related to this criminal’s actions. If he’s gonna steal your URL, he shouldn’t be able to use it either. Also, this may cause bandwidth costs for him. Just a thought.

Firstly, I am really sorry to hear about this, I know how frustrating this is! I’m impressed that you managed to keep your cool and what a wonderful article this was.

I’m not sure what your financial position is. I do agree that you don’t pay the alleged hacker a cent, but taking legal action, if possible, should be done. It would be lovely if justice could be served and that little prat could get a nice backhand for sending you a ‘Christmas offer’ on your own domain. I’d like to backhand him for you!

If you need any support, please drop me an email and I can try and help where possible!

How terribly vicious. Once again, I’m glad you stick to your principles, though I must admit it would seem awfully difficult not to succumb to a $250 ransom just to restore one’s legitimacy and call it a lesson well learned…

For now, Wish you a more Merry Christmas and Happy New Year to compensate your broken holiday.

And I just want to comment on those image addresses. You didn’t need to manually edit each photo. All you needed to do was, after exporting the database, open the SQL file and do a find and replace, replacing all “blog.davidairey.com/images” with whatever new address you want, for example “images.davidairey.co.uk” or “www.davidairey.co.uk/images”.
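The find-and-replace the commenter suggests works for post bodies, but WordPress also stores some option and meta values as PHP-serialized data, where every string carries a byte-length prefix (s:LENGTH:"..."); a plain replace that changes the host name length leaves those rows unreadable. The script below is an added example, not code from the post or from any commenter: it does the same host rewrite on a dump while recomputing those lengths, and includes a check that tells the two results apart. The sample dump is constructed, its table and column names are illustrative, and the two host names are the ones the comment mentions.

```python
"""Rewrite a host name inside a WordPress SQL dump without corrupting
PHP-serialized values.

Added example; not code from the post or from any commenter. The sample
dump below is constructed and its table/column names are illustrative.
"""
import re

OLD = b"blog.davidairey.com/images"
NEW = b"www.davidairey.co.uk/images"

# Opening of a PHP-serialized string: s:<byte length>:"
SERIALIZED_OPEN = re.compile(rb's:(\d+):"')

# Constructed dump: a post body with an image URL, and a serialized widget
# option holding another URL (44 bytes long, hence s:44).
SAMPLE_DUMP = (
    b"INSERT INTO `wp_posts` VALUES (1,'<img src=\"http://blog.davidairey.com/images/logo.png\" />');\n"
    b"INSERT INTO `wp_options` VALUES (2,'widget_text',"
    b"'a:1:{i:0;s:44:\"http://blog.davidairey.com/images/header.jpg\";}');\n"
)


def rewrite_dump(data, old, new):
    """Replace old with new everywhere in data (bytes), recomputing lengths.

    Text outside serialized strings gets a plain replace. Inside one, the
    payload is rewritten recursively (so nested serialized data survives too)
    and the length prefix is recomputed in bytes, which is how PHP counts it.
    """
    out = bytearray()
    pos = 0
    for m in SERIALIZED_OPEN.finditer(data):
        if m.start() < pos:
            continue  # lies inside a payload we already consumed
        start, end = m.end(), m.end() + int(m.group(1))
        if data[end:end + 2] != b'";':
            continue  # declared length does not check out: not a real token
        out += data[pos:m.start()].replace(old, new)
        payload = rewrite_dump(data[start:end], old, new)
        out += b's:%d:"' % len(payload) + payload + b'";'
        pos = end + 2
    out += data[pos:].replace(old, new)
    return bytes(out)


def serialized_lengths_ok(data):
    """True when every s:N:" token is followed by exactly N bytes and ";."""
    pos = 0
    for m in SERIALIZED_OPEN.finditer(data):
        if m.start() < pos:
            continue
        end = m.end() + int(m.group(1))
        if data[end:end + 2] != b'";':
            return False
        pos = end + 2
    return True


if __name__ == "__main__":
    naive = SAMPLE_DUMP.replace(OLD, NEW)
    fixed = rewrite_dump(SAMPLE_DUMP, OLD, NEW)
    print("naive replace keeps serialized data valid:", serialized_lengths_ok(naive))
    print("length-aware rewrite keeps it valid:      ", serialized_lengths_ok(fixed))
    print(fixed.decode())
```

On the constructed dump the naive replace produces s:44 in front of a 45-byte string, which PHP would refuse to unserialize, while the length-aware rewrite emits s:45. Run it on a copy of the dump and verify with serialized_lengths_ok before importing.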

Don’t give into that little criminal. Stick with your intentions of pursuing legal action because this guy deserves to get a kick in the ass rather than $250 and a boost to his ego. It’ll only make him go after other people and make you feel terrible. It sucks, but when you get through this all, you’re going to look back at it and laugh. If you give in for $250, you might be glad to have your domain back sooner, but you’ll look back and only feel worse for giving into a worthless criminal. Also, what are the chances he’ll really give your domain back?

Do what you believe, even if it costs you several thousand dollars. I know you don’t want to give into this guy – so don’t do it, and don’t listen to anyone who tells you otherwise. The publicity from this has generated much support for you, and I’m sure you’ll make up the money by the continued support of your rapidly growing fan base. Trust me, your conscience will thank you down the line.

Interesting read, and it sucks that anyone should have to go through with that. Ultimately the blame lies with your web host, who shouldn’t have handed such details over without confirming, but sometimes the better gets a hold of us and in our earnestness to be nice we end up trying to make others’ lives easier and less complicated – which of course can have disastrous effects like in your case.

I have had experience with domain squatters who sit on domains, and the best way to deal with it is to play hard ball or get aggressive. The US address you found is most likely a proxy, and this guy is probably doing this as a full-time job. He probably makes a lot of money by stealing these domains, and I found they usually come from Eastern Europe where the laws are a little more relaxed or not caught up yet with electronic laws – so he can do these things with impunity. However just because they don’t have laws yet for this, doesn’t mean they won’t co-operate in bringing down the sleazebag.

You made a few mistakes in posting this – one, he’s using a Made for Adsense type site to make money off of YOUR traffic. By posting this you are going to pique curiosity in the domain, and people being curious will visit it and thereby generate traffic to his page – which means the value of the page goes up and his offer goes up along with it. Also someone Dugg this, which means again increased traffic – it could pan out well though if the Digg community helps out *hopefully*. Also providing his contact details isn’t good because right now it’s your only means to communicate with him, and spammers/harassers could start spamming the guy, thereby making him abandon the account and you losing your way to communicate with him.

If you do take this to court, you will win and this guy, if found, will serve a very heavy penalty – and rightly so. But for all intents and purposes I think you should settle and pay the $250. But again who knows if the scumbag will even transfer the domain to you. You pick the escrow service, and maybe initiate the deal and once it’s in escrow – report him. Then if you’re lucky you can walk away with the domain if you can provide sufficient details that you owned the domain prior to the fraud.

“schedule reflective DOS attacks on your former URL and any other IPs related to this criminal’s actions. If he’s gonna steal your URL, he shouldn’t be able to use it either. Also, this may cause bandwidth costs for him. Just a thought.” (Quote: PM)

No, you don’t want to do that. It’s parked by Sedo, I believe. That means those DOS attacks would be hitting Sedo’s servers. They’d likely file a lawsuit if you’re attacking their servers.

I noticed bebu.net was registered with privacyprotect, and on their website they have a form for disclosing the contact details if abuse has happened: “Our abuse team will review the complaint and reveal the actual contact information of the owner where appropriate.” — http://www.privacyprotect.org/

It could be worth a shot to try and fill out the request domain owner information form, and maybe, just maybe, the attacker used some real information when he signed up for that service.

I think you should sue the bastard. If he isn’t put down now, he could easily do this to any one of us in the future. If you take legal actions against him I’m sure the fine he has to pay you will cover the expenses. If not, set up a PayPal account for us to donate a couple of bucks for the good cause!

This guy is no hacker; that gives way too much credit where it is not deserved. Rather, he is an exploit script kiddy. I’ve seen them before. When they get caught, the only thing they knew how to do was probably when they fucked you. You are probably one of a handful, and now they are scrummaging to get your domain back. What will happen is this person will allow your domain to expire and you will end up having to buy it again.

I’d go forward with the criminal case before it gets too cold. Pay what it takes to get subpoenas for data from the ISPs involved and trace the prick down. Perhaps, once he knows he’s looking at jail time, he’ll come clean. Then clean him out to recover your expenses and lost revenue plus punitive damages in civil court. Personally I’d like to see this slimeball behind bars, but he’d probably spend all his assets on attorneys and you’d be out the money…

I find it very disturbing so many people advocate just giving up and giving in to criminals and their immoral activities. And as you have discovered, the ‘authorities’ really don’t care to do anything until they get a cut of your income.
For gas money and all the info you have unearthed about the hacker, I know a few people who would be happy to drive into Florida and discuss the situation with him.
In between his screaming fits.

As mentioned above, I’d contact the police. But I’d make sure to have this guy checked out by the FBI and the Department of Homeland Security. See how much he enjoys talking to them for a bit.

I would also contact his ISP provider and tell them they are aiding and abetting a criminal and would they like to go to court over it?

And, I’d tell the guy that his e-mail addresses are known, his IP-number is logged and express your fond hope that he’ll enjoy talking to the FBI and the DHS as much as he has talking to you. And why do you do this: he’ll deny it of course and he may genuinely not care, but at the very least you’re going to take away his peace of mind. Especially when he knows you’ll have taken the steps for real.
Make sure to tell the Feds that you can’t rule out the possibility that this guy is supporting terrorist activity. He’s going to have so much fun explaining to them he’s just a common crook.

I bet you the next time he e-mails you, he’s not going to put too many smiley faces in his message.

And you might learn a vital lesson too: never tell anyone that nobody’s manning the wheel. Don’t invite it. If you have to take the girlfriend out for an extended trip abroad, craft your message so that it seems like you’re looking into your e-mail regularly.

Although it seems a lot of commenters are suggesting you buy it from this guy—even suggesting it would be beneficial—I’d be wary about the “escrow” service he’s using. Aren’t quite a few eBay scams based on fake escrow services, after all? If you do decide to buy it off him, make sure it’s a reputable service or that you negotiate another form of payment transfer.

And you can’t necessarily assert his location, since he could easily have used a US-based open proxy…

I’d expect that if you go through the right channels to legally catch and prosecute this guy, and report on it to the degree that the legal system allows, that you will attract and maintain a much wider readership than you have now.

Best of luck! Set a good precedent for the rule of law, honor, and the right to property. Jail time, and a huge damage award… that’s what I hope is the outcome.

Godaddy just wants some legal document to cover their ass to transfer the domain back. Surely your country has some form of small-claims court? Pay the filing fee, show up, tell the magistrate what happened and since the scammer won’t show up you’ll win and have a legal document to give Godaddy to get the domain back. No need for a lawyer or ICANN arbitration. You win by default.

Oh, and the scammer probably wasn’t from Florida. It’s not difficult to go through an open proxy or Tor node.

Find out where he is accessing the Internet. Go to the general area ask around about buying a domain illegally. Then meet him and kill him in the most violent way possible. Document it and post it online. Make sure to pay off the local authorities. Also, as a disclaimer, this is done at your own risk.

Just saw this post. And it’s alarming. I am hardly ever signed into gmail; I use Thunderbird. Check out the link and info below. Looks like a web host, Affinity Internet, Inc., owns the IP address range that includes 207.36.162.100. Hope you get the name back. Also report the theft & fraud to your local police. This is a crime; they will be able to get a warrant that will enable them to look at the data concerned with the person’s escrow. It is essentially ID theft that has happened to you. I would also change all passwords & double check any services you use from the gmail account! e.g. PayPal, eBay, personal banking, MySpace, anything. To ensure that the contact info has not been changed on anything else!

Unfortunately, I agree with PM. Not in DDoSing your former domain, but that street justice is swifter, less bureaucratic and costs less (in time, travelling costs, lawyers and other costs if you also lose the case).

I don’t like to promote this kind of action, but unfortunately, it’s more effective.

There’s gotta be someone you can call to press criminal charges, and you have a civil option as well.

Have your lawyer contact Cybergate with the IP address and date/time that he filed the support ticket. You may need a subpoena from a US court, which of course complicates the hell out of everything. The ISP can give you the logs of who was using that IP at that time, and that’s who you press charges against.

If I still lived in Florida, I would offer to drive over and yank him out of his house to kick his ass FOR you. Reading stuff like this makes me pretty mad.

I also thought of the DoS attack situation. I mean, you got his IP; it wouldn’t take too much to simply attack the whole subnet of his ISP. Though hacking like that is not cool at all, revenge is sweet.

Since you got his IP, the time the email was sent and his ISP’s name, have you tried to talk to his ISP? If they feel he violated the TOS they would cut him off the next day, and, well, that is just as bad as finding out your site got hacked. But aside from getting his internet cut off you can also get information such as his name, address and phone number, then post it on the net. I mean really, if he is up to no good then he doesn’t want his details posted all over the net, does he?

Pay the money already!
Look, since it’s Christmas I’ll lower the price to 200 bucks.
200 bucks for teaching you a lesson about security, static/dynamic links, email filter vulnerabilities
and other topics on doing business on the web is a great steal.

I’m so sorry for your loss haha. Just thought I’d let you know that IP locations are not exact. I just checked mine, and it listed a city 45 minutes away. So there’s a good chance “Payem” is not necessarily in Ft. Lauderdale…probably a poorer community around there.

I suggest what Keith said, being in the U.S., myself. This is a crime, fraud, treat it like one. Your location doesn’t matter, the thief’s location does. The FBI isn’t the smartest apples in the bunch, but they do have the authority to remedy this. Do keep in mind that just because you have an IP address doesn’t really mean you have the true originating IP. Spoofing and remote hijacks (zombie bots) that basically would function as a proxy exist, but the escrow would have a trail who would lead you to the perpetrator. But .. don’t you think the thief is reading these comments? Do not give away all the ideas presented.

My apologies if this has already been suggested, but get the FBI in on it. If this person invested this much effort and time into figuring out the system, they are no doubt attempting it with a lot of other people and large-scale criminals. Thieves like that have always really rubbed me the wrong way, and in my opinion, as the web develops, they need every ounce of accountability possible brought down upon them.

According to their site:
“third, to counteract operations that target U.S. intellectual property, endangering our national security and competitiveness; and fourth, to dismantle national and transnational organized criminal enterprises engaging in Internet fraud”

Most people roll over and let the garbage get away with it. Take them down. Forward all the information you’ve collected and hopefully put the scum in jail.

I would try this:
1. open up a sedo.com account
2. bid for the name. When your bid is accepted, the current domain holder will have to send Sedo an auth code. This will tie the domain up for up to a month while Sedo waits for your payment. In the meantime, contact Sedo and let them know that the domain was fraudulently transferred away from you and you need the legal contact information of the seller so that you can proceed against them legally.
3. Contact Domains by Proxy and let them know that this registration was fraudulent, sending them all supporting information. If you know an attorney, an attorney-generated email requesting registrant info may help get the info you need. http://www.domainsbyproxy.com/LegalAgreement.aspx

Sorry to hear about this situation. It indeed sucks. I hope you serve this hacker his/her own ass. Seems that there’s a lot of folks out there, who like you and me, don’t value an honest way of making money. Don’t pay the sucker! And push this through litigation. Get a fund going to raise the money for litigation. The more we press authorities to go after people like this the more likely they are to think twice about hacking. He won’t be sending smileys and winks in his emails, when his cell mate is staring at him with a smile =)

Much respect for holding your ground. I agree 100% that paying off the criminal is the wrong way to go. It’s only because so many people give in to extortion that it exists. Fight the good fight. I hated it when the company I used to work for would pay off patent trolls. I knew those trolls would go on to use our settlement to justify higher rates to the target of their next attack. Smart business or not, don’t let these people steal your lunch money without a fight. Bullies need to get their nose bloodied sometimes.

1) Stop visiting “bad” sites. One imagines that you have enough Photoshop actions or whatever you were downloading there.
2) Pay the guy and get your site back.
3) Call the cops. You’ll have the IP and escrow information; at that point it’s a federal crime.
4) Get your money back and go on with your life.

Glad to hear you aren’t paying the jackass. I got scammed out of a domain too but like you was put off by the $1.5k fee charged by the WIPO. Hopefully the email you sent to him causes him to shit his pants, but anyways – have you tried the below?

You could contact the registrar (domainsbyproxy in this case) and ask? I doubt they’d do anything, but they would have his details – if they didn’t, that’s immediate grounds for cancellation of the domain.

Another thing you could do is feed him some sob story about not wanting to use Escrow.com because of the fees, and offer up $1000 for the domain via Paypal – pay with a credit card then chargeback after he transfers it, or report an unauthorized transaction and Paypal will return your money (a) the scammer will not go through the rigmarole that is opening a dispute with Paypal, as more likely than not he’d get shafted and b) Paypal are a b!tch for online deals – they’ll return your money no problem).

Hope that little bit of advice helped you – I hate thieves and jackasses, and this guy seems to be both – good luck! And Merry Christmas too :)

Wow.. I feel bad for you. I had similar problems with people stealing pictures from my Facebook and they are not even on my list. I am still wondering how, and they altered them and made a blogspot/blogger site as a hate site against me. All I did was email Google about it and threatened them.

I can’t believe people would go that low to do something so stupid. I hope you deal with this. People have no ethics or morals. They think Hacking someone’s “life” is fun.
IT’S NOT!

Hi David,
I don’t know if this might be related, but lately I have been frequently receiving emails asking me to change my Gmail password. I don’t know if those were requested by a hacker or if it was Google trying to fix a security issue. I’ve ignored them because I can’t trust the links that are placed in those emails. Instead, I changed the passwords through my account.
Don’t worry about Page Rank weight. Your problem has become so popular that you’ll probably get more link traffic on your .co.uk than before.
Cheers!

I’m sorry to hear about this happening, though the IP used could have been anywhere (and may have been just a staging area anyway). As a Mississippi resident, I’m sorry that it was in Mississippi. I’ve emailed Cybergate with a link to this blog post and encouraged them to check out the link.

All said and done. Well, sorry David for what happened, but before you lose more, why don’t you register a new domain name similar to that? davidairy.com is available, I have checked it and it sounds similar, and for a good marketer like you I don’t think it will take too long for the SEO work to get done again. At least you still have Feedburner. If later by some means you get your domain back it will be much better … like finding god while searching for a stone. GOOD LUCK anyway. I hope you’ve got your email back though.

Eh, if you send him money, you have no guarantee he won’t just laugh at you and keep the domain anyhow. Just let the domain go, pick it up again when it expires (like the loser is going to pay to renew it?)

Also, googling “ba_marame_pooli” turns up some relevant forum posts – looks like the guy uses that email for some other stuff too.

A very important lesson lest we get hacked. Thanks for sharing what we can learn from the misfortune that hit ya.
BTW Good luck in getting back your domain, David.
@PM: Lol is launching DoS attacks even legal?

You could pay him the money to get the domain back, and then sue the person in small claims court to get your money back. By going through small claims court, you avoid having to pay legal fees, and you would probably win. The downside is that you have to know who the person is. But wouldn’t you have to know that in order to go through the escrow?

This hijack might very well have copyright infringement implications. You may have redress for damages and legal fees in the UK and the US, and authorities may help you trap the thief when you set up a payment with that party. This may be moot by now, since your hacker is probably reading this, so contact me off list.

I am part of a professional group of image makers worldwide who organized to protect their rights. Have a look. http://www.pro-imaging.org

I would assume this is stateside, so a lawyer getting a judge to subpoena the ISP’s logs will end this quick if it’s some punk kid (which from the emails and the low asking price, I would imagine it is).

However, this will be tied up in litigation for quite some time.

I would purchase the domain from sedo now and continue with your plan to prosecute in the mean time.

If this is overseas, by the time it’s settled, you won’t even care anymore, if this is within the US, it will be settled shortly, pending the info you get from the ISP.

This is Federal with the extortion, so it’s definitely escalated beyond a simple computer crime.

My point is, as stated earlier, buy the domain from the site for $200 bucks or somebody else will and then it’s gone for good… you have a nice little Alexa rating and decent links in, don’t waste that only to see some viagra ad running under yourname.com for all eternity on pride.

As a security specialist, it appears that you might have gotten a keylogger on your computer. They can get every password to every account you log on to from your computer. GMAIL is pretty secure, but I don’t think this was GMAIL’s fault. The good thing is that you got your domain back and that everything is alright. Again, I’m not saying that this was anyone’s fault (maybe that noob hacker wannabe), but you should scan your computer for anything that might have escaped. Hope your domain is okay and continues on!

David,
Good luck. Your decision not to pay the extortionist not only discourages imitators; how could you ever trust this thief to make good on his promise to return your domain name? Unless you could escrow the money to a third party I would never trust this crook for his word.
I lost an email address to a phisher and though it didn’t hurt me financially it was disturbing and time consuming to reestablish email contacts. I think a lot of this type of crime suggests sociopathic tendencies with no thought of consequences to the victims.

Hi David,
I must say that it does look like you have a very strong case against the hacker, if you can locate them. Although you have the I.P. address, which may help you, if the hacker was using a proxy server to connect to the internet this complicates things even further, as it won’t be their I.P. address but instead the proxy’s I.P. I know very little about American legal proceedings, and I personally think the suggestion of getting someone to hack it back for you could possibly be the best idea, although you would have to do it in exactly the same way as them and have it registered to a ghost email account, then transfer the website to yourself for free, etc., if you know what I mean. You can find hackers for hire everywhere; just google it or search the mIRC channels till you find someone decent.

The page he pointed your domain at was probably full of ppc ads and affiliate offers right? Collect all the urls for those ads. They’re going to contain an ‘affiliate id’ stored in a get variable. Whatever sponsor is paying him for those ads can only do so based on those ids. Find out what sponsor he’s working for and report those ids. You’ll crush his profit.

Since it was Google’s negligence that caused your damages, whatever your business losses (including costs of recovering the domain name) are recoverable from Google. They may be willing to help out in exchange for your agreeing not to sue them. Or you might need to sue them to recover. But they’re on the hook for sure.

This happened to a customer of mine where he had signed up a domain for 10 years using a Hotmail account. The Hotmail account hadn’t been used for years. The thief registered the Hotmail account, had the domain login info sent to it, and changed the Registered User and DNS servers to his.

Technically, he owned it. However, he failed to change registrars from one to another. After much pleading and the threat of legal action against the registrar Tucows (not the thief) they “pulled a few strings” and miraculously the admin e-mail contact address was changed. I think it was quite obvious with the barrage of calls and e-mails that we truly owned the domain. Despite the cookie cutter e-mails we received, like you received above, we were finally able to get to someone who actually had the power to change the information.

Good luck recovering it. From the people I have talked to in Tucows, they said this happens all the time, and almost always requires legal action.

Sorry to hear of your problems, but this is a glaring example of the Registrars not doing their job properly. As for that WIPO crowd, they’re hopeless, and it should not be costing 1500 to even begin to retrieve what is essentially your property.

I’ve had to look into this myself for a lapsed domain before (obviously very different to your own predicament) and the amount of trouble was unreal!

It’s about time the Registrars were read the riot act, as ultimately this is where a lot of the problem lies. Most notably with the likes of GoDaddy – I hear the most complaints about this crowd anyway.

Switch to eNom, who are the most reputable that I know of. Personally I use a small private registration service and have insisted they call me personally to verify any changes to domains in my control. Only way these days…

Wow…You should be proud to have stuck to your principles. Don’t give criminals a penny, even if it takes a few months to recover your web traffic. If no one pays criminals, these guys abandon their practices and start working like the rest of us. There are always people who create (logos, in this case), and people who play havoc (stealing domains and invading privacy, in this case) :(
This thief has a Kurdish name, if he’s from a rogue muslim country, it’ll be difficult to put him into jail, let alone judge him. Good luck though.

man, this is one scary story. what i find admirable about you is not your unwillingness to pay this criminal a cent, but exposing the method (and how to protect ourselves) from this type of method, even though fixed. thanks, and i sincerely hope you get your rightful domain back with the friggin criminal caught!

Hello David,
I just finished reading your post and it’s really annoying to know this. You did a lot of hard work to establish your online presence.

Now, I am not sure about this, but the hacker won’t be hanging on to this domain for a long time, as he would have to pay the hosting and all. He has seriously done a price reduction as well, from 650 to 250.

As an IT student, this I have to say is a problem more on your ISP / Host than anything. It shows that they don’t have a good support agency and should have to pay any sort of court fees.

I had this happen to me a few years ago as well; I ended up filing a lawsuit against my host and won. As for the hacker, there is nothing you can really do. GMail is not at fault; as you know they are still in beta. Bugs will still exist and Google won’t do anything about it until it’s ready to release its gold version. Having a reliable POP3 / IMAP service under your own domain or even at another free service would have made a world of difference, seeing that this guy backdoored himself via GMail’s filter system. A lot of free email services that allow POP3 / IMAP will need some kind of authorization, either by a code, email, some even by telephone. I would strongly suggest getting something like that so that this doesn’t happen to you again.

Steps to progress:
– Save any documentation / images that relate to your GMail account.
– Contact Google with the evidence (do it many times if need be)
– Hire yourself an attorney that will not require much payment or gets paid when you get paid.
– Change all usernames, passwords. Even change your own home IP. This guy was doing this on purpose, and you were his target. It was not random. Having a hardware firewall or even a software firewall isn’t going to do you any good. You need to get contact with your ISP to force change your IP, saying that you are being tracked by a hacker and to force your IP to be hidden. Some companies in the States can do so.

Even if you’re not willing to get your old domain back, you have a lot of work to secure yourself.

David,
Have you visited your site and warned the addressing links of the theft of your site?
I’m sure they would not like to pay to a thief their linking fees.
I’m sure their webmasters would not like to have their own sites hi-jacked.
Stop their current value of links being reported to some “Click” advertising company
And
Make them aware of the knowledge that their sites may be stolen in a similar manner too.

Put it out to your readers to follow the “click links” to their paying party and “Politely” discourage their unknowing support of hi-jacking.
Find the “Whois” webmasters of the linked sites & inform them they are supporting a hi-jacker.

Follow and stop the money paying for their current actions.
They also, wanting to get your big ransom as a reward, may still not follow through on their “promise.”

DO NOT PAY. Maybe offer, but don’t give him any money. He’s obviously dishonest.

1) In terms of liability, GOOGLE has it. Their vulnerability created the problem. I’m curious if they would pony up the fees for the dispute. Certainly it is in their interest to help you in any way they can.

2) But you don’t have to go through ICANN et al. It is a criminal issue. The new hosting company knows who owns it now. Show them the issue and they’ll tell you who owns it, then you can call the cops.

3) Put up a “Donate via Paypal” link. Collect fees for a domain dispute that way.

This might not be feasible, but I would suggest going through your history (either on your computer, or with google history) and try to figure out what the “evil” site was that added the filter. That might give you another clue to the identity of the hacker.

Also, this might turn out to be a blessing in disguise, as so many grassroots news organizations have taken up your cause. You might have even more traffic when you come out of this one. There’s always a silver lining :)

David,
Why don’t you contact his private registration company. I mean, they look like they’re a decent company and that they will address problems with spam and copyright. I bet they could straighten this out for you. Merry Christmas!

Thank you very much for letting us know of your situation and warning us, it is very scary.

Please reconsider your decision not to pay for your domain. The guy who did this may be a 16 year old kid from the way he wrote you back…he came down from 650 to 250..that’s very unlikely..if the hacker is a pro..without negotiating they are willing to lower the price.

If you start negotiating and be COOL about it and pat him on the job well done..he may come down to 50 or 20 dollars or nothing..

Most hackers just want fame and recognition and some money…even with the money he is not going to set the world on fire..he will most probably…buy a Wii or a set of DVDs

I know it is morally wrong 100% on our part to side with the criminals..but the hacker….may not be even thinking on those high grounds..for him…it is all child’s play..

I’m from India and you could consider one of your karmas getting cleaned by going through this agonising journey.

thank you SO SO much for posting this and bringing attention to it. I too had a forwarding issue that I just now noticed thanks to your post. I have no idea what was forwarded, but so far I have not had my domain name stolen. I am so relieved I caught it.

So… why do people seem to think that paying this guy would get you your domain back? It’s worth money to him for Google traffic, and the way he’s talking about escrow sounds like he has some specific fake escrow service in mind.

I’m sure if you decided to pay him, he’d refuse to use any reputable escrow service, because they’d respond to a court request for tracking payment. Unless someone out there has experience with this kind of thief, I don’t see any reason to think you *can* buy your domain back.

Oh, and dearest Todd. This isn’t a $250 crime. If someone breaks in, steals $250, then burns down your house, it’s not a $250 crime. That’s not to say I think the courts will be worthwhile. I have no idea.

Much luck, David, and happy Christmas. If this is your biggest setback for the next few months, I’m sure your business will do well on any domain name.

Have you considered writing Domains by Proxy and telling them your story? They do have a user agreement which is listed on their site. I’m sure that whatever proof you can send them would be helpful in not just exposing this douche but also getting your domain back.

Prohibitions: Domains By Proxy® is not intended to be used to protect your identity if you:

• Transmit spam, viruses or harmful computer programs;
• Violate the law or infringe a third party’s trademark or copyright;

David,
Sorry about your problem. We host about 150 sites for customers, and some of them in the past would not have access to the e-mail for their original administrator contact (to change the DNS to us). We would just fax proof of ownership and have it released back to them. It’s a little bit of a hassle but should work for your problem.

You’ve eliminated legal action because the cost of filing with WIPO is too high. If you actually can get a real name for this guy you can fax $50 and a formal complaint to the county courthouse where he lives and open a civil lawsuit. With an open court-case godaddy may simply decide to hand it over. I’m sure some lawyer you’ve made a logo for will gladly type up a letter for you.

Start looking for Peyam Irvani’s in Florida, even if you get the wrong one, with an open case, godaddy may just give it back.

Website is currently down due to it being on demand hosting..
Yet … I myself would have offered to pay him the lower amount.. Contacted the local FBI or legal authorities if you are a US Citizen … Then figured out how to filter the transaction, seeing as he’s a web hi-jacker and not a …. let’s say … higher tier white/black hat hacker…. He seemed amateur to me..Plus the hacker himself would have been caught once he cashed the escrow …. All they would have had to do was trace the money… So not only would he be in trouble for intellectual theft and property damage… but he and his parents could have been sued for such things as major damage …. his first offer of 650 is a theft by felony … Not to mention a type of grand larceny ? *whatever the word is * … He would have been in trouble for extortion… I’m sure he’d have spent at least 5 years or more in jail…. With shock probation he might have been on probation for at least 10 years no matter what his age…. unless under 18… then until his 18th unless tried as an adult ;)
But … Then again… these types of thoughts don’t happen until you’re through the course… But if I were you and he’s dumb enough to access the escrow/net account then … Well… then … I would have done it.. he would have been caught cashing it ..

Or maybe have mailed him a prepaid Visa card … Once you got the card and loaded it … Made sure you had the PIN number .. so you could give it to him for withdrawal from an ATM or told him to just use it as a credit card … And if he’s dumb enough to ask you to have it preloaded and mailed not to you but him… well…. he would be caught picking it up ;) … there were several solutions to your issue man…

I got a link to this page through digg.com… it’s probably a very good thing that this happened because plenty of people who probably know the best way to go about this will now read this and help you. I’m sorry that I didn’t read all the comments (read about 30-40), so I don’t know if anybody has a decent solution for you yet, but if you want, I might be able to help you get a lawyer who would be willing to help you. I’m a student at Harvard right now, but though I really don’t know if it would work or not, there is a professor here who teaches freshman seminars on copyright law in the internet. As far as I can tell, he seems to deal with these things (or at least learn/teach about them), and if you want, I could shoot him an email linking to this article and see if he would be willing to help you out.

I’d really like to help you, but this is about all that I can do (since I personally know nothing about law and have no hacking skills myself to steal the website back for you)…

Awful story indeed. Needless to say, I checked all my filters in gmail…

Did you get any word, help, or excuse, official or unofficial, from google ? I think they have some clear responsibilities in this case. I don’t think they will do anything for getting the domain name, but they could at least immediately tweak some search engine results (davidairey.com has PR5, 356 pages indexed at the moment, and about 1000 inbound links).

(1) Never, ever, ever, ever, ever, ever, ever (times infinity) use a hosted GMail/Hotmail/Yahoo/etc account for domain hosting. You never know when it might be hacked/compromised/go out of business/start charging $1000000 per email received.

(2) The address in Florida that this weasel is using will probably go to some grandmother’s home PC that’s either infected with something, or is running some kind of open proxy or TOR (google it). You won’t find this asshole, likely.

(3) Even if you do find this asshole, in Florida (which you will not) – there’s not much you will get from them .. and it will cost you more than you want it to.

Either (1) Pay his ransom if it means that much to you or (2) forget that domain name existed.

I hate saying it like that — but believe me, I’ve had domains hijacked (one of them being a three letter domain) through various ways. It was a lot easier in the old InterNIC days … to get a hijacked domain back. Now they don’t trust anyone. If the domain had stayed at the same registrar it would be easier to get it back. Since the registrars only tolerate each other (and sometimes not even) .. they won’t work together..

I’m really sorry to hear what’s happened to your domain. I stand by you in your decision to refuse to pay the hacker, that wouldn’t do any good. I’m really surprised that Google hasn’t stepped up to the plate to lend you a hand – they did instigate this whole situation. Hopefully with all this publicity you’ll be able to get your domain back.

David, I am really sorry for your loss. I’d be absolutely through the roof if this happened to me.

Here’s my viewpoint, as someone who works in the web development industry and has long experience in business. I think you are taking this personally (which is understandable) but you’re not dealing with this properly from a business perspective. Business is business. Your principles of not paying a thief are noble but a bit irrational under these conditions. If you could stand to lose 25% of 2,000 visitors a day by NOT having the domain you’d be a fool to delay buying it back, learning from the experience and getting back to your life and business.

Think of it this way… let’s say you are only losing 25% of your traffic as a result of this fiasco. That’s 500 uniques per day or 15,000 uniques/month. If you’re getting leads to the tune of a measly .5%, you’re losing 75 leads per month. That’s probably 7 jobs a month. If your rate is only $500/logo, you’re losing close to $3,500/month in present time revenues. Let’s say it’s only half that… that’s $1700/month… let’s say it’s half that…. $850/month.

This is merely a business decision…and you’re facing “a hostile takeover”… do what any good businessman would do and handle the hell out of it from your “shareholders” perspective. Get the domain back online, get business roaring again AND THEN go after the guy.

First you “stop the bleeding” and handle the EMERGENCY (any way possible) AND THEN you mount your counter-attack.

This is NOT a morality issue. You’re dealing with the real world here of business and your livelihood. If you’re willing to flush your business for $250 I’m afraid to say that this shows a very poor sense of business management.

The only way I could see handling this the way you are going about it…. is if the site were merely a hobby site that didn’t impact my life in any meaningful way.

David, come on now… please…. don’t spite yourself here… and make matters worse…. get your site back, setup some preventative measures for the future and get back to your business.

It’s really not a “vulnerability” in the typical sense of the word. Anyone can send POST data to any other site and have it work, provided that the target doesn’t check referrers and that the client has permission to send that data to begin with. You could argue that Google should have added some sort of verification key to the form or something, but really, very few sites have thought to do that, and the same trick would work on all of those sites too – Google just happened to be the one that was targeted because it’s one of the few hosts that provide free e-mail forwarding.

But in any case, just use Firefox and install the NoScript extension. Cross-domain POST requests like that won’t ever succeed unless you explicitly allow them. Of course, NoScript would also just block whatever JavaScript was used to trigger that form data transmission to begin with, so you wouldn’t need to worry about anything.

“Hello my friend. Cristmas tomorrow and i give you only 24 hours, we use escrow and all i want is 200 even tho i no it is worth more. get in touch my friend” OO’s comment is quite simply blackmail. Under UK law this is a criminal offence and this case is now a matter of public interest. With respect to much of the sound advice given by many advising you to give in for business reasons and saying you should be more sensible and not use a free Gmail account, the internet should be made secure for all users and not just those who know all the tricks. It should not be too difficult although perhaps time consuming to track down the criminal(s) behind this. Any ISP or domain registrar that does not co-operate is also breaking the law by being an accessory to blackmail and demanding money by false pretences. You should go to the police.

I don’t know what your laws are in the UK, but in the US there are several felonies here, including blackmail, grand theft, and interference with a business. Blackmail penalties can be 25 years in federal prison. The FBI handles these cases, you need to see who in the UK handles them.

However, your registrar, godaddy is civilly liable here since they *illegally* transferred your domain without your permission to a criminal syndicate. They also have money. You’ll never find the hacker, but you do know who godaddy is and quite frankly you should file suit against them for $10 million, or whatever your business loss is plus all your time, legal expenses, and punitive damages, and you will assuredly win the case if you get a decent attorney, who will likely defer charging you until a settlement.

Absolutely do not pay the blackmail. The persons advising this are utter fools. The vast majority of hacking syndicates nowadays are associated with terrorist organizations and if you pay the blackmail, you can and probably will be charged with material support of terrorism. Do not assume because you are in the UK that the CIA will not locate you and move you to a different country for questioning.

I just looked up what happened to your domain and the page has vanished.
Maybe he got cold feet now, or he’s now a victim of a DoS attack (shyte i just wanted to do that ;))
That sucker may have had the cheek to hijack your site but now he has a HUGE community against him.
This shows how vital online security is.
just wait for the expiry date of registration and get the page back then…if you really think you still need it after generating a really big wave of sympathy and attention all over the globe.
Think about this donate by paypal thingy, as the outcome of that is not predictable and you shouldn’t throw your money into this. I’d like to see him and his like in jail tho.
Long live davidairey.co.uk (has more distinction anyway…anybody can have a .com ;P).
Best of luck to you.

David,
I’d talk more to GoDaddy. Going after this lowlife probably isn’t worth the effort–especially because stuff like this probably will keep occurring. And, for all intents and purposes, this thief holds no power–what is he going to do if GoDaddy gives you the domain back…call the cops?

If GoDaddy doesn’t help or requires a court order, why not talk to a lawyer about going after them(since they are effectively in possession of stolen property)?

Not that I think GoDaddy is a bad company, I love them and their service, but to stop stuff like this from happening the big companies need to step in and do the right thing.
Good luck!

This may be a long shot but if this guy is Indian or from India, the chances are that he is Hindu. A true Hindu wouldn’t have stolen your name in the first place, but perhaps a plea to his consciousness of how this sort of behavior really defies Hindu principles may work. The belief in Karma may not apply to the younger generation as it would to his parents or grandparents, but you never know. Before you dismiss this idea, I want you to know that it worked for me with an Indian developer I hired from Guru.com who had split with a $600.00 advance I had given him. Best wishes!

Hi David…I sent you an email and promised to do whatever I can to help you…and now I can see my efforts have had success and the story which I dugg about you has crossed 1750 diggs as I write this and continues to be on the front page.

The cracker’s name and email address show that he’s Iranian. If he’s in Iran, you have pretty much zero chance to get justice. And the WIPO process is totally the wrong one IMO, very costly, lengthy (months to years for sure), and by no means guaranteed.

If I was in this situation, I probably would have paid the initial 650. Or much higher even… You have a point, I know, but then you should be prepared to pay for it. If you can’t afford going out of your current business, well, you know. I also suggest putting high pressure on Google, publicizing this even more, and demand that they give your new site all the PageRank juice of the old one, to have done the least.

Why don’t you pinpoint “The original ticket message was sent from this IP address: 207.36.162.100”?
There are some more sophisticated online tools than a simple IP lookup.
At least you find out if this is run through a proxy.
Contact the ISP of the IP address. They may block him/her. And this could be a good tit for tat.
Use a checkim.com or similar type service and give a bait. As far as I know the company may offer a further service in order to track the crook physically too.. good luck..

The best advice i can offer is to contact domains by proxy and explain what happened. According to their policies using their service to “Violate the law or infringe a third party’s trademark or copyright” is not allowed. By telling them about this they may be able to transfer the domain to you or give you the information of the new owner.

I think you’re right not to pay the hacker.
Fake escrow services are one of the more common scams on ebay. There’s a good chance that this guy will set up such a ‘service,’ and then not only will he have your domain name, but your credit card or banking information, and you’d be left with no website and a stolen identity. I’m even more inclined to believe this might be his plan, since he’s lowered his ransom price. Why worry about the initial amount when he can have all your money anyway?
Another avenue you might pursue is contacting Affinity Internet, since they apparently own the IP address that was used. They appear to be a site hosting/design service, rather than an actual IP, so I’m not entirely sure how this guy is using an IP address owned by them, but they might be able to track down the user, as I’m guessing this probably goes against their terms of service. It would make bringing charges against the guy easier, at any rate.

Dear David,
I am sorry to hear about your news. I agree totally 100% with the stance you are taking. I am a large GoDaddy reseller here in the UK, and I have written to the office of the president of GoDaddy on your behalf. I hope that it moves some way to sorting out the mess for you.

I don’t know, David… Maybe you shouldn’t have visited the “evil site” in the first place. You honestly click on random links you’re not familiar with in the emails you receive? By your own admission, you logged into Gmail, then visited an “evil site”. Not the smartest thing to do these days.

Future tip: if ever you have links in emails you want to follow, visit them in a completely different browser that ISN’T logged in to your email.

Hey David… I actually just saw your blog for the first time in Digg.. I wanted to let you in on a little secret… there is a website for cyberterrorism / fraud where you can report things like this and the FBI and other organizations will handle it free of charge as a criminal investigation… the website is: http://www.ic3.gov/

David, I really don’t know what to say since 200+ other people probably already have. I just want to let you know that I am with you the whole way. I just can not wait until you get that moron what he deserves, and that you get back what belonged to you and not the other guy.

Since Google is at least indirectly if not directly involved or at fault for this theft, I suggest you contact them and see what if anything they can do to help support you in your efforts to regain what is rightfully yours.

You could remind Google that their help in fixing this could generate some good publicity to counteract the horrible news of these sad stories of theft and abuse.

I wonder if NoScript for Firefox would have been helpful in preventing this theft. (Yeah, I know, you might not even use Firefox.)

While this is aggravating and consuming time and effort, try to remember that it is NOT the end of the world, and that there ARE worse things that could have happened.

Just to let you know, the filthy person who did this to you is referred to as a “cracker” not a “hacker”. A hacker is someone who tweaks things to their purposes. A cracker is a low-life who attacks other people with malicious intent. There is a big difference.

Good luck recovering your .com. I have a great respect for you not paying the cracker, I can’t say I would have been able to stick to my morals so strongly :)

Hi,
I’m sorry about what happened to you, I hope everything will turn up fine.
I couldn’t help wondering, the English you have received in those emails was rather poor, and the sum demanded just too insignificant to justify all the hassle. The hacker couldn’t have been from the States, unless he is pretty stupid. Be very careful about checking your emails from internet cafes. They might have keyloggers, or the browser might not delete your session when you have closed it.

That’s a real shame, a real kick in the teeth. I’m quietly confident a few Google ads on here would give you the $250 or possibly even $650 to buy the domain back. Perhaps you could set up a ‘help David’ PayPal donation payment button on your site? Hmm, just my 2 cents. Here’s hoping you get your .com back!

Bounty hunters of old ways is my practice. I found your plight an interesting read. How about here in the USA we make citizen’s arrests. Yeah sure you guys have that right too. Just don’t get caught in a foreign country or you will be facing the hell Dog has. When we are agitated as you folks get we simply invade. Now when here we use ICE it works to eliminate 70% spam. Now you have established a new service for someone to make a living with. Your tracking and ability to out-think your enemy certainly will give an IT engineer ammo to produce and preserve intellectual property. Out of the billions of people and computers online you get my cryptic response. Sorry for this as I am totally disabled. My thoughts ramble but suddenly something may just be useful. Ok now times change along with perceptions so as I finish this response to your plight which really makes me angry. A new and better day is evolving. I pray and it is made so thinking and science proves we are connected. I love you man. I am an old Apple iMac poet!

Ok, pride and principle in not paying a thief and extortionist – I get it.

But, if you did pay the $250 (not like it’s $1500), and go through a legit (most are not) escrow company (of YOUR choosing, not this SOB’s), you could get a subpoena from the courts to get this guy’s info and send him to jail, get your domain back, sue him and get your money back too.

This of course is assuming he’s in the country and not offshore.
He might have used a proxy or botnet to send the original email to your ISP.

The other thing is, is $250 worth the potential lost revenue, not to mention the cost of tequila and aspirin you’re consuming due to all the crap?

You could write off the $250 in taxes as a loss.

Just a different perspective in picking your battles, principles be damned =)

might be able to help you in finding out more detail about Cybergate and its owners. One of the biggest things a host doesn’t want to hear is that an attorney might be coming after them. If they are doing ok they have too much to lose.

I would contact them directly if you already haven’t, let them know what happened and that you need to get a hold of the person that is their client. You don’t wish to include them in any legal issues, but if you have no other option then you will get a court order for the information.

Register on both of those sites, it’s free. Do your homework.

If you need the name and contact info of an attorney who knows internet and technology law and who’s in Miami, let me know. I use him as my corporate attorney.

I live in Florida and if you find any more info on this guy, I’d be happy to pay him a visit on your behalf. Even if it is to simply take some pics of him and where he lives, etc… Let me know if you are interested. I will look for your response here.

I would tell the guy that you’re not interested in the domain at all. Then I would set up another account and wait a few weeks and offer him $50. At that point he’ll be willing to take anything. The domain is only worth a lot to one person: you. Once his only customer dries up he will be out of options.

This is all unfortunate, and I hope all works out in the end. However,

One must ask oneself what is more important: the Google rankings and reputation, or the ideal of not supporting blackmail.

If being blackmailed truly takes precedence and trumps your search engine rankings in priority, then so be it. But realize that sometimes morality only stands in the way. Seeing as how he went from +600 to 250, you could probably hustle him down to under 100. Clearly he isn’t very smart.

I think you are a dumb ass not to pay this guy. Look, I don’t know how much money you are losing because of your lost search results… Sometimes we have to bite a bullet in life. And if this site means a lot to you (never been here), and is providing food for your family, $250 is a steal. Just don’t allow yourself to be fooled again.

Terrible story, but unfortunately not the first time I’ve heard it. I’ve worked for a couple of major UK ISPs over the years and I may have some relevant experience if you need some help.

I think your best option is NOT to attempt to pay this person – legally it’s not a good move, and as “not understanding” pointed out, the escrow “service” will almost undoubtedly be part of the scam. Contacting high profile people at Google, GoDaddy and the involved ISPs may open doors for you, and could certainly add weight to your fight.

I’d urge you to take prompt action as the longer you leave it, the harder it will be to catch this joker. Incidentally, this kind of scam isn’t unusual at this time of year because it’s often a bit more difficult to speak to support staff, etc.

I hope everything works out for you. Drop me an email if there’s anything I can do.

[quote]why don’t you buy the domain name at 600 USD or 250 USD or any other bargain you could strike. At least you being back on the search page “logo designer UK” will mean much more than 600 USD or 250 USD?[/quote]

Why would you ever pay a criminal anything? Why would you even imply in your post you could even trust him to give you the domain. You pay him $250 or $600 and never hear from him again. You have no details – and the hacker can just change email address and sign up for a new escrow. Or simply ask for more money. People who believe paying a ransom resolves anything are idiots.

Good luck with getting your site back, trust me.. godaddy will NOT help at all, they’re spammers and scammers themselves with their horrible business model and customer service. They are right though, with a court order they have no other excuse but to assist. At least they’re honest about that.

You can show to a judge that you need a court order to get your domain back as it was gained access to through unauthorized access.

How about filing a case in the U.S. … after all you have the I.P. address. That’s all the RIAA / MPAA needs to get a name to sue, that’s all you should need. Also look at the headers of the emails you have received from the attacker, they should have an originating address in them as well.

Did anyone notice that the hacker creep posted to this thread? I won’t quote him, but look at around 7:39 pm on December 25th. Maybe more IP info could be garnered from his post. Also when you click on the creep’s name you get http://www.daivdairey.com, but it isn’t found.

Here is a thought, why not put a donation Button on the page. Depending on how many users you have you may be able to get them to pay your legal fees. It was only $1500? I would love to donate a dollar to put some shithead CRACKER in jail.

Really sorry to hear this, my site was hacked not too long ago so I know how it feels to be violated like that. I sent in a complaint to the hacker’s ISP, but that was all I could really do. It was nothing as major as what happened to you. I really hope you get the domain back and everything works out alright for you.

But Technically I do believe the criminal is guilty of several crimes;
1) Hacking (to a degree)
2) Phishing Scam running
3) and the biggest you forgot to mention is Cyber Squatting. Which is, of course, using a domain to refer to another with the intent of profiting from it while holding no actual ownership over it.

If you do file suit against him, make sure to then take him for damages (Projected lost wages, ad sales, Court Fees)

I guess this means there is no such thing as a free lunch. You are taking the moral high ground but the fact remains that you trusted a company to provide you with a valuable service at no cost. What a surprise it bit you in the behind. It will cost you way more than if you had paid for a proper email service in the first place. I hope this is a lesson to everyone that reads this. YOU GET WHAT YOU PAY FOR!!! If you didn’t pay for it you got nothing! I guess my sympathy is equal to the cost of your email service.

And for those that are interested, I use hushmail.com. I have multiple accounts there. And the way I use them I get a ton of spam in the open email account, which I almost never look at, and zero spam in my personal account, which I check every day. But then again I paid for that service.

Mind if I ask the obvious question? Were you using the same password in multiple locations?

I find it unlikely he used the exploit. You have made a pretty massive assumption, as it requires the ability to send HTML code to your computer at the time, which may have just been more random. But as you said, he waited until your holidays.

I’d say the most likely cause was that you used the same password for email on multiple forums/sites, and that the target forum was hacked.

People shouldn’t assume that just because there was an exploit against a service, that it was the reason. Here in Australia we call that “jumping to conclusions”.

I’d like to know what procedure you followed to actually get to this conclusion. And if a Google search is all that was done, I’m not sure that’s really enough to make a firm conclusion.

Or, even your WordPress may have been compromised.

And no, I’m not saying that the exploit never existed, I’m just saying that I’ve heard so many people jump to conclusions and blame the wrong party because they did a 5 second googling.

Couldn’t you sue him for domain squatting? Pepsi won a case recently to get a domain of theirs from someone, since it’s OBVIOUSLY your name and your domain that you have been using. I’d say it’s a clear win for you in court if they can find the guy. I’d sue his ass, I wouldn’t care what it costs just to see his sorry butt thrown in jail.

The hacker’s IP address is worthless. Most likely he is using a proxy or sitting in a library with free wireless access. So the IP address is a dead end.

However, since he transferred the domain name he had to use a credit card. So, the domain registry service (GoDaddy?) has the hacker’s billing information. There is the place to start.

ICDSoft is off the hook here because they followed their procedures. GoDaddy followed their procedures as well. The problem is with GMail (and the endless Beta phase.) I would force Google to provide some documentation to GoDaddy (IP addresses that the acct was accessed to prove you were not the user) so that GoDaddy would surrender the billing info. But the courts will need to be involved.

It might be possible to find the actual guy; contact the service provider of 207.36.162.100 (CyberGate). Three possibilities:

1. The attacker might be behind NAT/proxy, in which case it is giving you the IP address of the Cybergate proxy server. With the exact time of the domain transfer request already known, you can ask the ISP to provide you with the internal IP that has been visiting your domain CP. And I’m sure if they are billing him they would have his full contact details.

2. The attacker has a global IP which is assigned to his computer but registered in the name of the ISP. It’s possible to get the contact details of the attacker in that case too.

3. Bad news: The attacker used a public cybercafe or he used an anonymous proxy to do the attacks…It’s very unlikely that he’d be found.
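The header tracing the comments above suggest (the originating-address tip at the end of the comment about filing a case in the U.S., and the three NAT/proxy/public cases just listed), as an added Python example that is not part of any comment on this page: it parses a constructed message's Received headers, walks them from the recipient back to the first hop, and classifies each address so that a private (NAT/proxy) origin is recognised as a case where only the relay operator's logs, keyed by timestamp, can identify the sender. The sample message, the `.invalid` hostnames and the inner 192.168.1.23 address are constructed; the public address is the one quoted in the thread.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample message (not from the page). Hostnames use the reserved
# .invalid TLD; the public address is the one quoted in the thread, and the
# inner RFC 1918 address stands for a sender behind the relay's NAT/proxy.
SAMPLE_RAW = (
    "Received: from mail.example-isp.invalid (mail.example-isp.invalid [207.36.162.100])\n"
    "\tby mx.recipient.invalid with ESMTP id abc123; Tue, 25 Dec 2007 19:39:00 +0000\n"
    "Received: from [192.168.1.23] (unknown [192.168.1.23])\n"
    "\tby mail.example-isp.invalid with ESMTPA id def456; Tue, 25 Dec 2007 19:38:55 +0000\n"
    "From: sender@example.invalid\n"
    "To: victim@example.invalid\n"
    "Subject: domain\n"
    "\n"
    "body\n"
)

# Address ranges that never identify a subscriber on their own: RFC 1918
# private space, loopback and link-local.
PRIVATE_NETS = [
    ipaddress.ip_network(n)
    for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
              "127.0.0.0/8", "169.254.0.0/16")
]

# "from <host> (<rdns> [<ip>]) by <host> ..." is the shape MTAs write; we only
# need the bracketed IPv4 literal of the sending side and the receiving host.
RECEIVED_RE = re.compile(
    r"from\b[^;]*?\[(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\]"
    r"(?:.*?\bby\s+(?P<by>[^\s;]+))?",
    re.IGNORECASE | re.DOTALL,
)


def classify_ip(text):
    """'private' for NAT/loopback/link-local space, otherwise 'public'."""
    ip = ipaddress.ip_address(text)
    return "private" if any(ip in net for net in PRIVATE_NETS) else "public"


def received_hops(raw_message):
    """Parse Received headers in message order (newest first).

    Each MTA prepends its own Received line, so the top entry is the hop
    nearest the recipient and the bottom entry is the host that first handed
    the message in.
    """
    msg = message_from_string(raw_message)
    hops = []
    for value in msg.get_all("Received", []):
        m = RECEIVED_RE.search(value)
        if m:
            hops.append({"ip": m.group("ip"), "by": m.group("by"),
                         "kind": classify_ip(m.group("ip"))})
    return hops


def trace_origin(raw_message):
    """Work out which address, and whose logs, can identify the sender.

    Only Received lines added by servers you trust (your own MX and its
    upstreams) are reliable; anything below them could have been written by
    the sender, so treat the result as a lead, not proof.
    """
    hops = received_hops(raw_message)
    if not hops:
        return None
    origin = hops[-1]  # earliest hop
    nearest_public = next((h for h in reversed(hops) if h["kind"] == "public"), None)
    if origin["kind"] == "private":
        # Case 1 above: the sender sat behind NAT or a proxy, so the relay that
        # accepted the message (its "by" host) holds the timestamp-to-subscriber
        # mapping; the public address further up is only the relay's.
        holder = origin["by"]
    else:
        # Case 2: a directly assigned public address, so the WHOIS allocation
        # names the ISP holding the subscriber record. Case 3 (a cafe or an
        # anonymous proxy) looks identical here; the header alone cannot tell.
        holder = "whois:" + origin["ip"]
    return {
        "origin_ip": origin["ip"],
        "origin_kind": origin["kind"],
        "nearest_public_ip": nearest_public["ip"] if nearest_public else None,
        "records_holder": holder,
    }


if __name__ == "__main__":
    for hop in received_hops(SAMPLE_RAW):
        print(f"{hop['ip']:>15}  {hop['kind']:<8} received by {hop['by']}")
    print(trace_origin(SAMPLE_RAW))
```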

One way to get the information of the person would be to contact domainsbyproxy.com and inform them that the person is violating 4) G) of the Legal Agreement. That gives domainsbyproxy.com the right to revert the domain back to the person hiding their information. Furthermore, if you do a search about them it appears that it doesn’t take much for them to remove themselves as the contact on the domain.

Then if it turns out that the person who stole the domain is using invalid address information you can contest it. If they do not correct it within a certain amount of time they lose the domain.

If the problem was just due to the gmail security issue, how did he get access to your hosting control panel to submit the support ticket? Did he hack into that too? All in the same day? For that matter, if all this hack did was forward transfer emails, how did he even know what domains you owned.

This sounds more like the guy had complete access to your gmail account (and could look up your hosting password and any other registration info that was archived). An alarm went off in my head the first time you mentioned you checked your mail from an internet cafe. That seems like the much larger security failure. Or that’s another huge coincidence that someone used this gmail hack on you the exact same day you started using internet cafes in new places.

David,
You need to contact Chris Hanson of NBC, the guy here in the US that does catch a predator and also catch an internet predator. He did a show on the whole scam artist thing with the money sending bs. This can definitely be a story and if it makes their show you can guarantee that Google’s ears will perk up, Florida’s ears will perk up, and more than likely they will foot the bill AND help you catch the guy.

I would first like to thank you for making us all aware. The most repulsive thing about this is, after having the horror of someone stealing your hard work, the cruel person resorts to not only blackmailing you but taunting you as well.

I am agreeing with Ozh. I am curious to know what Google has to say about this. After all, the debacle occurred via a security leak in their email services.

Also, although the IP maps to FL, I’m not convinced that the perpetrator resides in the US. For me there are at least three red flags that make me believe that the perpetrator is trying to throw you off. One red flag is the weird English which is unusual to US vernacular, such as “I like to see you have that domain name again” versus “I like to see you have ‘your’ (or even ‘the’) domain name ‘back’”. The second red flag is I don’t know any person in the US who regularly uses the x.xx $ notation for a dollar amount. It’s always $x.xx. Finally, an 89 percent difference in ransom demands within two days is very strange.

Wow: sounds crazy.
OK… let’s say you fork out $1500 and initiate legal proceedings.
And lets say a few months later you get your domain back.
Let’s say that your hacker is some no good b*m from Peru.
(No offence to readers in Peru: it’s just the first country name I could think of. If offended, just replace Peru with another country of your choice when reading.)

1. You catch the culprit. He earns $50 a month working at his local supermarket.
Question: do you get your money back?? If so from whom? Assuming the culprit cannot pay!

2. The culprit hides himself successfully behind a bogus Paypal account or something.
You get your domain back: but there is no one to pursue for damages.
Question: do you get your money back for your legal costs??

If you run a business and store personal information on a PUBLIC, FREE, LARGE email system you are putting your customer information in jeopardy. At the very least as a designer you could get web hosting, and do your business over another email system.

Yes, Google should fix that bug, but seriously, Gmail is where I get crap sent, not customer data.

That’s really awful mate, I used to work in an ISP and a similar incident happened to us as well. A hacker somehow got to know a way to answer the secret question and retrieve the user account details (of a popular website domain). Although he owned the domain, he did not change the primary/secondary DNS details (for our luck). When we were to renew the domain, we were unable to login; this was due to a password change (which the hacker had reset). We filed a complaint to NS (Network Solutions) and they responded back saying they cannot do anything about it unless the actual person who initially registered the domain responds to them – for our misfortune the person who registered the domain was no longer working in our firm. We explained this to Network Solutions and still they were neglecting to release the domain, then we finally had to speak to the CID (alternate for FBI in my country – Sri Lanka) and they investigated the issue and within 2 weeks they caught the culprit…

My point is, you will have a better option if you go to the FBI mate, and explain the situation. I don’t know about WIPO asking $1,500/- for such a thing (they may be having their reasons) but for that money, I might as well keep my grand and curse the thief who ripped the domain from you. On the bright side you still have your visitors, in fact new ones (inclusive of me)…

Besides, the domain name (www.davidairey.com) is not a generic one, it is specific; if at all anyone wants it, it will be you. If at all that jackass wants to sell the domain, it will be to you, and I believe the idiot (if at all a wee bit wise) won’t renew the domain for more than a year. So you’ve got nothing to worry about at all mate… all you should care about for the moment is that you learned a very good lesson and you have created awareness for other people who would also have been victims of such incidents, for which they are all directly or indirectly thanking you for sharing this.

You, sir, are deserving of terms that I do not use in my normal speech. There is no word in the dictionary to describe how much I detest you. Keep taunting him while you can – as you can see…he has the support. You don’t. Your time is limited, so enjoy your fake victory while you can….because you will be busted.

Script kiddies like you are so lame. :P Wannabe.

@David

Good lord man, I sympathize with you so much. I would simply freak if anything like that happened to my domains. I’m not going to recap any of the comments here by suggesting things to do…everyone’s pretty much covered everything.

My hat would be off to you…if I wore one…for standing up and refusing to cave in to his stupid little demands.

@The Ones Who Suggest He Pay Up

Heck no. That will just encourage Peyam and people like him. David is doing the right thing by not caving. Sure it may cost more in the end, but the message will echo through the entire Internet.

Someone mentioned Gmail’s being in Beta as some kind of excuse for their poor security; it’s no excuse. They should not be rolling out a beta to so many users; it’s simply Google’s get out of jail free card–and they should be ashamed of themselves. I think Gmail/Google is 90% to blame.

No doubt that idiot hacker is reading this very post (make sure you check the logs for IP addresses). I think you should take legal action against Google; someone suggested a donation button–an excellent idea.

Also have someone in the State check telephone directories for that name (most likely not his/her real name, but it’s worth checking; it’s also worth checking (or having a pro check) your logs on the days leading up to the transfer).

You should also push Google for some more information about that email address: pay.irv@gmail.com. It’s obvious that it’s being used for illegal purposes; push them and mention legal action (everyone else can send him a ‘friendly’ mail). This chap is obviously of sub-standard intelligence, so he must have slipped up somewhere along the line. Perhaps you could start a petition aimed at Google?

Good luck, David! I hope that you get your domain back soon, and that the retard who stole it gets a kick up the ####. And I hope that if he or she’s reading this, I must apologise; I meant to say RETARD.

A letter from a person that SOUNDS like a lawyer will often work as well as a letter from an actual lawyer. Why not just send a letter to godaddy on a fake letterhead (you ARE a logo designer, after all) with a lot of legalese. If that doesn’t work, then you go the more expensive route of hiring an actual lawyer…

DO NOT PAY! Contact the FL PD. I assume you’re based in the UK. Consider using Skype or GrandCentral for all your calls as it will give you a log and recordings of the conversations for use as further evidence; also it’s cheap. Because this is a crime, the Broward County Sheriff’s Department will open an “investigation”. Ask to speak to a detective, and be straight with him, explain your situation fully and that all you need from him to get your domain back is a copy of the police report to submit to GoDaddy. Be prepared to show proof of payment for the domain name and length of purchase. Furthermore ask if you can get a “letter of investigation” from the state’s attorney’s office (they are like the ADAs on Law and Order for FL) because that would certainly legally cover GoDaddy’s ass. I’ve been in cyber crime for a while now and this is disgusting. If you have a lawyer friend get them to send a letter of violation of the DMCA (you owned the site, it’s your property, and therefore the copyright is held by you, including the name DavidAirey.com). Because they are “in possession” of the domain, an argument for receiving/possessing stolen property (the property of course being the domain) could be made against them, and let them know that they could be held civilly and criminally liable unless the domain is either
A. Locked and prevented from further transfer until getting rubber-stamped by a magistrate
B. The domain is returned to its rightful owner

I suggest that you go and find the guy who did this to you.
Peyam Irvani.

Profiles and records are easy to find, you just have to look. Use the emails you got and the name to see if it matches up anywhere.

For a fact, I know that his name is Iranian. So is the nickname he is using for his email.
So there it is, to start you off. Look for Iranians with that name.
I know this because I am an Iranian myself, find that guy and give him what he deserves.

I wouldn’t be able to tell you how or anything but not only would it be ridiculously easy to get your .com back from the most insecure registrar ever, it’d also allow you to take control over any other domain names in the hacker’s account.

I wish you the best of luck for the future.
I would apologize if this has already been said but…

Why don’t you buy the domain right now (for 250), then take the thing to court. I might be wrong, but you can always tell the court that you needed to do that step because of business needs. All your business depends on the .com and you needed to have it. Then sue the bastard for punitive damages (all the cost 250 + 1500 (legal fees) and extra for punishment and mental trauma and such)

Scary story — and an interesting commentary on the precarious nature of making a living off the web. The farther we get from activities related to actual sustenance of our physical lives, the easier it is to lose everything.

I apologize for my lack of familiarity with the blog-sphere, but why, exactly, would you want to use Gmail if you owned your own domain? (I guess we all rent our own domains, actually, which really is the problem here.) Wouldn’t using an e-mail address located in your own domain strengthen the branding of your blog/domain?

So Google screws you out of a domain name then does not allow you to redirect any search results from your dot com domain to the UK domain. With all Google’s technology, they can’t update a web site’s domain address in search results??? I can change my phone number and get updated in the phone book.

$250 for a hijacked domain seems reasonable compared to other types of thefts, such as theft of your income from search traffic. Too bad you couldn’t get Google to cover that cost for allowing the hack.

Look at it this way, what if a loved one was kidnapped, would you pay the ransom? Sometimes the bad guys win and that hurts. It’s great that you exposed this issue and maybe this shitbag will get caught.

Tragic story indeed. What you can do is try contacting the ISP of the IP address and specify the date and time of the hack and they will locate the person for you. This is the way things go, and do it as soon as possible cuz ISPs do tend to delete the logs after some period of time.
regards,
damnedviper

That website was parked at bodis.com, so you could contact them because they will have his information on file. It also seems dattebayo-fr.com have their domain again, so you might ask them how they got it back and if they know who he is.

Dave, thanks for the info on how you can get hacked with google email accounts and how to determine if you have been.

As for paying said ‘kid’… I stand firmly with you on the no money point. You’ve got a way around your .com issue with another URL, you have the support of a community and have some possible ways to pursue resolving this. Work those lines.

As for those with the ‘pay now, it makes good business sense, move on’ mentality… in a way, your attitude is a great insight into many of the larger problems humanity faces right now. Focus on the short term, how to get around the immediate annoyance, even if you know your action is the wrong thing to do and if you know in doing so, you will be encouraging a bad thing that will happen to others. That’s not good long-term business. That’s not good community.

Ask the American FBI to investigate, they can get the ISP records and pay a visit. In one case, I had the FBI knocking on the kid’s door the same day. They said his mom was hitting him as a result of the visit.

I know how you feel on this one. And our issue was also with, *gasp* GoDaddy. Well GoDaddy and Enom.

They are honestly the biggest causes of such problems, seeing as they have no interest in the welfare of their users, or the domains they hold. These big name registrars will not lift a finger to help, research or repair the damage done by these acts, when they are the ones who can rectify this with just the basic amount of information from the original registrant.

My friend ran the site AnimeWallpapers.Com until he passed away suddenly in February of 2007. Upon his death, an individual with access to his servers took over his email account and transferred all the domains to his Enom account from my friend’s GoDaddy account. Despite the fact that this was done after my friend passed away, both of these companies had no interest in helping, and to even look at the case, forced my friend’s mother to sign waivers that they won’t be held liable no matter what the outcome.

After spending a few months on this battle, we did end up going to ICANN and recovering the domain names, with the $1500 fee that you mentioned. I can’t even begin to imagine how much trouble my friend’s mother had to go through to try and deal with online theft like that, of what her son spent his life on. In the end the thief, Hongli, and his friends got a good six months to nearly destroy the domain, caused plenty of grief and suffering, and all this could’ve been solved in days, had the GoDaddy and Enom companies had enough sense to realize that a man cannot send an email after his death. But their stance was exactly as you quoted, that the email used was the one on record, and as such they have no interest in further dealing with this.

I would caution you not to pay this lowlife anything, as there is no guarantee that he won’t just run off with your money, and not give you the domain anyway. You should go for the ICANN dispute, and ask them to also provide the billing information of the thief, along with restoring the name. Maybe even set up a legal fund to help with the ICANN fees, but despite the costs involved, it will at least get you back the name for certain, instead of relying on the “honor” of this thief.

As someone who has gone through a very similar situation, I wish you the best of luck, and any questions you may have on the ICANN filing, I’ll be happy to answer, just drop me an email.

Sorry to hear this. I was into net security, exploits and the whole scene awhile back. Some things to note:

* No way in hell to track the hacker down. Don’t bother. They use proxies, and if they’re smart, chained proxies, meaning they contact you and do all the dirty work from behind a number of compromised computers. Unless each one of those computers keeps logs, you won’t be able to find the guy (or girl). The hacker is likely in Romania, India, Russia, Nigeria or Israel… but they could be anywhere really.

* Don’t listen to the hacker. There’s a high chance you won’t get the domain name back even if you pay. Most escrow services are very shady.

If I was you, I’d put up a donation button and use that towards legal fees. Good luck!

I’m not really in touch with the graphic designers community, so I did not know about this site or you :)
I read about this incident on linuxhelp.blogspot.com — you have my sympathies.
I’m sure what you did is correct – by not paying the criminal you’ve discouraged him at least to some extent. Right now I’m sure he’s got a shit-eating grin on his face, but that won’t be for too long before he realizes that people look at the WORK and the PERSON, not the website. I do hope that this issue is sorted out as soon as possible.

Oh, and I’m an Indian staying in Mumbai – so I’m curious to know the story about the guy in Colaba punching you! I’ve not known Mumbaiites to be rude/bad towards foreigners :-/

I found your post through StumbleUpon, so you are clearly finding new followers through that route. I’m amazed that this is possible, and will admit that I immediately checked my Gmail filtering. I am proud of you for sticking to your morals and not giving in. As a suggestion, since you clearly have a very devout following, and considering this massive amount of comments you have (I apologize for not reading all of them, but there really is a lot), you could probably convince a lawyer to offer some work to you on a “I can advertise for you” basis of some sort. Basically state that you do have a lot of readers and that if they help you, you will provide a rather lengthy and happy post in regards to their aid. Not sure if it will work, but you never know, you may find someone interested. Best of luck and I hope it all works out for you. I will continue to read, and as I set up my blog I will definitely be giving you a link back.

What this guy has done is illegal in both the US and UK. There are at least three charges he’s guilty of in the US, at least one of which is federal.

The FBI showing up at his door and taking all of his computer equipment while they determine the extent of his illegal online activities could be worth it, even if you never get your domain back. Probably not much chance the UK would want to make an example of him after the US was finished with him, but it would be nice.

David,
eventually (you may remember when), your site will need to be renewed. The criminal will most likely NOT pay anything to keep your domain hostage. Therefore, it will go into default, more time passes (90 days), and then it’s thrown out to the masses for anyone to pick up. Well, there are many services out there that you can pay in advance to watch a certain domain and the SECOND it becomes available they grab it for you. I have used these services before and they DO work. Pay them instead of the a–hole that hacked you. Your site is already down, so let time fix this for you and eventually you’ll get the site back.

This story doesn’t have any clear messages.
1. When was your domain supposed to be renewed?
2. Before that you will receive mails from your registrar.
3. Even if it expired it will be available for you to get back within 30 – 40 days.
4. After that period another 45 days are available for you to claim it from your registrar at a slightly more expensive price.
Hackers don’t play with this type of domain and password; instead they will steal your financial institutions’ info, which is worth more.
They play with a domain if it is a big name, and those are special hacker people. Mostly it is for ransom and to get traffic, sales and visitors’ sensitive information.
This was done to you by a person who has a connection with you.
If you want, you can ask your original registrar from which computer the transfer request came. Did you ask them? If the domain was expired and this happened within 40 days, you have the right to ask them about this illegal doing.
So if you have all this, go to your nearest police station, lodge a complaint and then contact the FBI with the copy.
But I wonder why your registrar allowed such a big domain to be transferred out without a question; whether their service is not good. If you are selling your domain they may ask for a present.
It smells like some inside work, maybe your friends or companies. But go to your police station and complain. It is cyber crime. And identity theft.

Did anyone here notice the bastard actually posted a comment here?!?!?! (or appears to, more on that later!)

Peyam Irvani is most probably a Persian name, I would know, being a Persian myself. I think there is a good chance that he is actually located in Iran, and the IP address you found, which was located in Florida, is just a proxy he used to connect to the web. Using proxies is fairly common in Iran, since the government blocks access to many sites, and the only way to access them is through proxies. There are other signs pointing to the guy being in Iran; one is the relatively low amount he’s asking for. $200 is more than half the monthly income of a minimum wage worker in Iran. Another sign is his relatively poor English skills. (The strange thing is that the comment made under his name has a completely different language style compared to his email responses, so the comment mayyyy have been made by some other asshole).

If the guy is located in Iran, there is pretty much nothing you can legally do against him. You might be able to get your domain back, but the hacker will be untouchable.

So, while I can’t be 100% sure, I think there’s a good chance the bastard is located in Iran, and this is something you need to consider if you decide to proceed with any legal actions.

As a Persian, I sincerely hope you and anyone reading this won’t form a negative opinion about Persians in general. We’re getting enough negative press as it is, thanks to our screwball president.

Good luck, both with dealing with this issue, and with any new business directions you may take!

To everyone that suggested that David pay the guy because it’s the smartest thing to do from a “business” perspective, you’re idiots. What on earth makes you think he’ll honor his word? Do you think he’s a member of the Better Business Bureau?

To Gerardo the “security specialist” – did you read the whole story? His domain is NOT ok. He found the gmail filters on his mail account. What made you squirt off on such a tangent as key loggers? Logic doesn’t appear to be your forte.

To Michael the IT student – Beta? Are you serious? Gmail has been around for 4 years now and they have more freaking Ph.D.’s working there than in all of the colleges in California combined. By anyone’s measure they’ve been out of beta for a long time.

This post is both informative and scary. I salute you for holding on your principles. I would do the same if I’m in your situation. Right now, I’m thinking of checking and changing my GMail password. Thanks…

David, I’m appalled at what’s happened here. I agree with you that you should stick to your guns. It could be that if you paid the hacker any money at all it would jeopardize your subsequent court case.

Your original URL seems to have gone down: I hope that’s a good sign?

This person should be exposed and blacklisted. It wouldn’t take much to do that and he’d see that the Web’s not a very nice place for people like him once we all know who he is!

I wish you a complete and satisfactory resolution to your problems–and a Happy New Year!

I am considering everyone here telling you to pay the guy as THE HACKER. Obviously a bad idea.

Sorry this is long but I’ve researched this in the past few months due to a friend that went through something similar… If I were in your shoes I would be gathering all the evidence and filing some kind of criminal report with the police/a bureau and contacting ICANN immediately. Someone impersonated you and virtually STOLE from you. This is not a dispute over a domain name, so I wouldn’t fight it in that form. This is online fraud, identity theft, oh and not to mention blackmail/extortion.

Have you tried speaking to the legal departments of both GoDaddy and the host of your current site? If you are able to present information (Gmail and the two emails, your vacation departure date/proof, etc.) – (can Google send you info on when the filters were applied?) – they should be working with you to try and resolve this since there was OBVIOUS possible fraud. What I would tell you is to not give up with those two companies – I would be calling them daily demanding to get help and answers until you are able to at least show them the proof you have. You should certify/record/keep any correspondence with anyone (hacker, domain companies, lawyers).
Bad publicity scares most companies – so I would probably lie (if i’m not being helped) and tell them that your story has been redistributed online and that you are going to popular technology sites to get the story published, local tv stations, somewhere w/ the masses, etc (maybe write to Larry Seltzer at Eweek.com)

Did these two companies (plus Google) do everything correctly in terms of protecting your security from this kind of fraud? Maybe see an experienced lawyer on this – I would find it more useful to sue them if there was a breach than waste my time with some “dude” from FL.

Step 1. Stop the web site moving again. GoDaddy is a professional group – they need a legal doc. Brendon Abell has already mentioned step 1. – Launch low cost small claims in your local jurisdiction. Immediately notify GoDaddy and have the site locked down.
THEN
you have the time to make a decision.

1a. Back to the Godaddy wording “Court or arbitration forum”. This doesn’t need a Supreme Court ruling. You need to know where your domain is and who the registrar is and how to get it, and…. lock it down NOW.

1b. The assumption that this person is US resident seems unlikely at best. You are not US resident, and you do not know the location of your thief. Moreover, many US court processes now use the existence of the WIPO as a reason to refuse jurisdiction. Courts everywhere are clogged. Keep it local – it ensures you can produce witnesses and documentation in a timely and low cost fashion. Your thief is unlikely to show.

1c. There are TOR outlets in Florida so who knows where this person is. The email trail though is still active and could be traced. Involving the police? Does this involve writing a traffic ticket? Forget it.

2. I can see you are professional and mature so this comment on revenge is written more for readers and to reinforce your resolve. One cannot launch DDOS or other attacks on others and complain if it happens to your site later. Every culture expresses this differently but the same – “You reap what you sow”, “what goes around comes around”, “Karma”. Corrupting, attacking, blacklisting or banning a domain name you want back seems pretty self-destructive. Revenge is fun, very satisfying in the short term, understandable in the heat of a white hot rage – but ultimately it is the wrong path.

3. Help tracking the person is different, and you can welcome that. The discussions about suing him assume you know who he is and where he is. (Except for the suggestion that you sue someone with the same name whether they are guilty or not). Tracking the person allows you to then use someone like google to finish him off through proper channels. I fear that the suggestions of hiring a hitman and the colourful image of a person sharpening their machete for a hacker conference (your thief is not at a level to attend), will cause more problems than they solve. Working with Google and Bebu, however, and sharing tracking info with them might get a satisfying result. Make sure you have a copy of all email traffic and a witness to verify what is there at regular intervals so you can demonstrate a proven evidentiary path.

4. In summary – there are 2 paths – one will get your domain back – slowly, “in the fullness of time”, but eventually. Simultaneously, you can track the thief, share the results of the hunt with concerned parties e.g. Bebu and Google, and drive traffic to your new site name with the exciting story of the ongoing hunt.

5. A relevant rant – yes it was a GMail problem. Read David’s article! No, I do NOT agree that we should all have to be trained sysadmins and security consultants to use standard applications on the web. If my supplier has a security hole I expect to be told about it and how to check if I have a problem. There is a critical difference in the expected level of attention to technical issues that applies to a web administrator and an application user. Blaming the user is not acceptable, not professional and not a good reflection on the design attitudes of a person making the comment.

I was wondering if you could please tell me if this XSS penetration was possible because you had JavaScript enabled. If so, I would advise you to use Firefox and an FF add-on called NoScript. NoScript not only blocks JavaScript scripts, but also, I think, other potentially harmful scripts.

Also, is this hack being done only using specific os’s and browsers?

Any information, or references to sites where I could find out these answers, would be greatly appreciated.

Thank you for your time. And best of luck in recovering from your misfortune.

Thanks for posting your story. I just checked my Gmail and I had a filter to a random Yahoo account. I had been receiving random emails the past few weeks and now I know someone was trying to take over my accounts. Luckily I was able to change any password that they could have had access to, and did not have any passwords stored in the Gmail account. The only thing that stinks is I had copies of my dissertation and some other stuff there, so some random hacker is laughing at my spelling in my work in progress.
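The check this commenter (and the post itself) describes, finding an attacker-added filter that forwards mail off the account, can be done mechanically against the filter list Gmail lets you export. The following is an added example, not code from the post or any commenter; it assumes the mailFilters.xml layout that Gmail’s “Export filters” function produces (an Atom feed of entries carrying apps:property name/value pairs), and the sample feed, addresses and term list below are constructed for the demo.

```python
import xml.etree.ElementTree as ET

# Namespaces used by Gmail's filter export (assumed layout, see lead-in).
ATOM = "{http://www.w3.org/2005/Atom}"
APPS = "{http://schemas.google.com/apps/2006}"

# Filter actions that keep the account owner from ever seeing matching mail.
HIDING_ACTIONS = ("shouldTrash", "shouldArchive", "shouldMarkAsRead")
# Words a hijacker's filter would match to intercept registrar, host or
# password-reset mail. Constructed list; extend for your own providers.
SENSITIVE_TERMS = ("domain", "transfer", "registrar", "password", "reset",
                   "verification", "godaddy")
# Filter criteria fields whose values are worth inspecting.
MATCH_FIELDS = ("from", "to", "subject", "hasTheWord")

# Constructed sample export: one benign newsletter filter and one filter of
# the kind described in the post (forward sensitive mail to an outside
# address, then trash it and mark it read so the owner notices nothing).
SAMPLE_EXPORT = b"""<?xml version='1.0' encoding='UTF-8'?>
<feed xmlns='http://www.w3.org/2005/Atom'
      xmlns:apps='http://schemas.google.com/apps/2006'>
  <entry>
    <apps:property name='from' value='newsletter@example.org'/>
    <apps:property name='label' value='Newsletters'/>
    <apps:property name='shouldArchive' value='true'/>
  </entry>
  <entry>
    <apps:property name='hasTheWord' value='domain OR transfer OR password'/>
    <apps:property name='forwardTo' value='attacker-placeholder@example.net'/>
    <apps:property name='shouldTrash' value='true'/>
    <apps:property name='shouldMarkAsRead' value='true'/>
  </entry>
</feed>
"""


def parse_filters(xml_data):
    """Return one dict per filter entry, mapping property name -> value."""
    if isinstance(xml_data, str):
        xml_data = xml_data.encode("utf-8")
    root = ET.fromstring(xml_data)
    filters = []
    for entry in root.findall(ATOM + "entry"):
        props = {p.get("name"): p.get("value")
                 for p in entry.findall(APPS + "property")}
        filters.append(props)
    return filters


def audit_filters(filters, own_domains):
    """Flag filters that look like an account-hijack foothold.

    own_domains: mail domains the account owner controls; a forwardTo
    address outside them counts as external. Returns a list of
    (filter_index, [reason, ...]) for every suspicious filter.
    """
    own = {d.lower() for d in own_domains}
    findings = []
    for index, f in enumerate(filters):
        reasons = []
        forward_to = f.get("forwardTo", "")
        external = bool(forward_to) and \
            forward_to.rsplit("@", 1)[-1].lower() not in own
        if external:
            reasons.append("forwards to external address " + forward_to)
        hiding = [a for a in HIDING_ACTIONS if f.get(a) == "true"]
        if external and hiding:
            reasons.append("hides forwarded mail via " + ", ".join(hiding))
        # Criteria that single out registrar / password mail are only
        # suspicious when combined with forwarding out or deleting.
        criteria = " ".join(f.get(k, "") for k in MATCH_FIELDS).lower()
        hits = [t for t in SENSITIVE_TERMS if t in criteria]
        if hits and (external or f.get("shouldTrash") == "true"):
            reasons.append("targets sensitive mail: " + ", ".join(hits))
        if reasons:
            findings.append((index, reasons))
    return findings


if __name__ == "__main__":
    for index, reasons in audit_filters(parse_filters(SAMPLE_EXPORT),
                                        own_domains={"example.com"}):
        print("filter #%d is suspicious:" % index)
        for reason in reasons:
            print("  -", reason)
```

Run it against your own exported file instead of SAMPLE_EXPORT, with own_domains set to the domains you actually receive mail at; a clean account returns an empty list.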

If you have “daviddairey” registered as a trademark, I think the WIPO arbitration is the way to go. According to the ICANN rules, you have to prove that the domain name is identical or confusingly similar to your trademark, that the owner has no legitimate interest in it (you have the email messages and the fact that he doesn’t actually use the domain) and that the domain has been registered or used in bad faith (again, you could use the email messages).

It may cost you more than paying the crook (DON’T), but I think this is the only decent way out of it.

This page provided to the domain owner free by Sedo’s Domain Parking . Disclaimer: Domain owner and Sedo maintain no relationship with third party advertisers. Reference to any specific service or trade mark is not controlled by Sedo or domain owner and does not constitute or imply its association, endorsement or recommendation.

I hope it helps and somebody can follow a trail on this.
I live in the States and would help you from here if possible. Just drop me an email.
I can write to Google and ask them if this is true why they are not doing anything, I think we all can write to google and Godaddy too.

1. I don’t get it… How come I have a feeling David sees this as civil case in which you get a lawyer to bring this mess to the court, while this is clearly a criminal case which you let FBI / interpol do their thing and track this hacker down.

2. David, do you have your domain ‘locked’? Just curious, b/c it seems every domain registrar has this feature to allow owners to ‘lock’ their domains to block transfers.

I’m sorry if I didn’t see this given the number of comments made here and skimmed through them, but has this matter been promptly reported to the domain provider since that happened? What have they said?

Generally speaking, (alleged) domain hijackings are never easy to resolve, much more being resolved quickly. AFAIR from my previous registrar life, the shortest it took to resolve such was 72 hours, the longest…well…eternity.

Also, some registrars also ask people who claim such to sign disclaimers and what not, then they’ll try to work with the new registrar and hope goodwill kicks in. No guarantees, of course, just saying that’s what usually gets things done.

Unfortunately this is one reason why it might not be “safe” to use free email services. Unlike paid ones, free email providers might not have enough incentive to keep such secure or render assistance for alleged compromising of an account.

Some have suggested paying the hacker. Doing so might resolve your issue “quickly” (or not), but it doesn’t grant the hacker immunity from your trying to prosecute him if within reach if you do pay him and get the domain back.

Ozh, if Google were to accommodate David’s request to do what you suggested, imagine how many others will bug them about that. I’m not sure if that’s fair for Google to handle, much more when they’re not fully aware of the circumstances surrounding those.

I hope your issue will be resolved somehow as well, fellow David. Good luck.

Very insightful piece you wrote here and I will be checking back here for updates.
What interested me also is how you have changed how you protect your data now. I never trusted email at all as a data storage.

I agree with Ozh about Google. Please let us know if they give you an official letter.

I wish you all the best and must say I totally agree with you that you should never give in to Blackmail.

It’s even worse when domain registries do the same stunt. Nunames (the owner of .nu) stole back a good .nu domain name from me without any comment; they just wanted it for themselves. Beware of .nu domains.

Email is evil. Webmail based email is the devil. Using webmail you have a combined threat of spam+worms+XSS+human nature to click on links in email. Now I only use Outlook set to display plain text email. My Windows Pocket PC smartphone also displays email as text-only.

I tend to agree with those who say pay up (as long as you can get a legit escrow service), get your site back, get as much details of the bastard as you can, and file a police report, as it is a criminal case.
WIPO is for intellectual property cases, and most of the other organisations will not help you, since you could be a social hacker, and they would be liable for releasing personal information of the hacker to you.

On a side note, for browsing the internet, you should use Firefox with the NoScript plugin, which will prevent much of these cross site exploits.

David,
That is a horrible situation to be in. I work in security and this type of hack is almost impossible to avoid. Glad you got your site back up so far and good luck with getting the original domain back. I’ve added you to my blogroll as well. I get a few readers here and there so every little bit could help. :)

Seems to me that there are a few parties here simply NOT providing the service you would expect, namely:

Google’s GMail vulnerability allowed the problem to start.
Google should be in a position to block links to the hacked domain;
ICDSoft’s security is weak – they should have verified the transfer through stronger means.
GoDaddy appear to be hiding behind weak security – any claim of an illegal transfer, given the known hack, should have caused an immediate reaction.

As an IT Manager with a company backing, these are services I would be looking to fire and sue for this. Clearly this is not feasible for a one-man business.

While it’s not likely to get your domain back in a hurry, maybe wide publication is a way to up the service level of these parties.

Personally, I have been using Gmail for a while, but still do not trust it enough for serious business e-mail use.

I’m not a lawyer, but if you lived in the US I would imagine this being a federal crime. This is extortion and theft (identity and property).

I work at an ISP and it is waaaaaaaaaaaaaaay too easy to gain access to someone’s account and make changes. All you really need is to give the right name(s) on the account and then just sound convincing. We will ask for an email in some cases and you could simply fake the reply-to address and the morons I work with wouldn’t know any better.

We had a different but related issue with one of our customers who was getting a DDoS attack. The Russian attackers demanded a fairly large sum of money to stop the attack. The company eventually paid the ransom and the attacks stopped. For three weeks. Then they attacked again and demanded more :D

I might have paid this scum the $250 and then proceeded to go after him in court since you seemed to have closed the loophole and couldn’t be hacked again.

If I was running a business from a domain, I’d pay the $250, chalk it up to experience, and move on. Clearly you’d have to use some kind of reputable escrow service (you can’t trust the thief) and I’d do some research to make sure you know what to expect on the ownership transfer. Or find someone versed in such things to consult to avoid any additional pitfalls/loopholes.

This type of theft is reprehensible (just like all theft), but it comes down to a decision on what it’s worth to your bottom line? Are you going to lose more money via the loss of exposure than the $250 he wants? If so, then who cares if you “get even” by sticking the faceless villain with the domain. He paid a pittance for his gamble. Do what’s best for you and your business and take any kind of subjectivity out of the equation. That’s the best advice I can give in situations such as this.

This is horrible. I went and double checked my filters on gmail just in case.
Don’t give a dime to this scam artist.
I’d take your original domain host to court as well as they didn’t verify that you were the one asking for the transfer.
This is theft, plain and simple.
I’d contact SEDO as well and let them know about this scammer, send them copies of the emails he sent.
Have you checked the headers of the email to see where he is sending the emails from? Services like Spamcop can route out the source of the email.
Contact every authority you can think of including the FBI.

Thanks for sharing your story, David (found it via Lifehacker). It’s chilling and I’ve checked my Gmail accounts thanks to your warning. I wish I could offer help but I’m pretty technically clueless. Good luck, though, and please keep us updated. I look forward to reading all about how you kicked this guy’s butt!

This is exactly why I use adblock+noscript, only visit Gmail via https, visit ONLY Gmail while doing email (links can be copied into a text file for later) and always use “clear private data” before and after using Gmail.

There are plenty of bad things people can do. I’m too paranoid to let them.

Hi David.
Sorry to hear about your miseries. I hope that you get justice and your domain back soon. Also thanks for warning about this danger. Google should have publicised this. Anyway, Merry Christmas.

Sorry to hear about the ordeal you are going through – and I’m sorry to hear that Godaddy isn’t being more helpful in this situation.

One of my domains was hijacked a year ago. It’s registered through enom.com and I immediately e-mailed them. By the time I had noticed the domain was hijacked, it had been transferred to some Indian domain registrar. Enom promptly took the matter into their own hands and I had my domain back in about 3 weeks. It did cost me an extra year’s registration fee (but it did extend the expiration date by a year).

Good luck. It’s such a terrible event to happen and I hope you get your domain back!

david-thanks for sharing. ug. i did check my filter settings too. sorry this happened. be sure you do not pay this guy, but checking the current host and calling the cops after getting the real contact info is a winner. do it. and blessings at Christmastime to you.
-mark

I think many of your commentators are barking up the wrong tree. For what its worth. I have had considerable success in fighting Cyber Crime by contacting the Office of the Attorney General of the State the crime has been/is being committed. For Florida go to http://www.myfloridalegal.com/ . All cases are reviewed and dealt with diligently.

I can almost guarantee the return (it might take a few months) of your website if you follow these 2 procedures. These services are free and very effective. Hope that helps. Regards.
A Cyber Fighting Canadian

You have proof that the person stole your legal property and demanded ransom for it. I would contact the local FBI office in Ft. Lauderdale and ask them what you can do, and also contact the Cybercrime division of Interpol (since you are in the UK). Also: file a complaint with your local police department. That is just a legality, but it will speed up other processes with the FBI and Interpol.

if you run a whois you can find out the isp to which that ip address is assigned. usually when you do a whois for an ip address you will see the person in charge of handling complaints and you can complain to them–you have to tell them the ip address and when that ip address was being used by that person, because isps have to keep track of who is using what ip when. in some cases if the person attacking you was careful then you will have to dig deeper. possibly you will not be able to track them down this way.

I don’t know where you are in this situation, but you should consider placing a 1px X 1px blank graphic in all of the emails you send him. Yeah, it’s possible that he’s blocking graphics but there is a chance that he isn’t. You host the graphic on your webserver and every time he accesses it it creates an entry in your server logs..

If, as a result of your investigations, you find the guy’s name and address, make sure you, or a designated friend, find him, and commit some nice physical violence on him. He does this stuff because he knows that there isn’t any risk in it for him. If he wants the thrill of being a bad guy, show him what excitement really is.

United States. Fort Lauderdale, Florida <- This is where you should be with a baseball bat. Think about how much the hacker’s actions have cost you in terms of your business and add the time required to correct it along with any additional costs; this is a valid figure to be thought of as ‘entertainment value’. Construct an email demanding payment to the hacker; when he refuses, post information that will lead to the individual, dedicate a portion of your website to host pictures of public floggings administered by fellow netizens located in the state of Florida that will continue the floggings until the domain name has been returned to you…

Oh, and please check the headers of the emails he/she(it) sends you. Feel free to make them public…

1. File a complaint with your local police force as this is a clear case of hacking AND blackmail, both of which are crimes (as such, you would not have to spend anything to get your domain name back)

2. File a complaint with the parent registrar (basically, go over GoDaddy’s head if they aren’t going to help) as your domain was transferred to them illegally. GoDaddy’s parent registrar is InterNic.

Google’s GMail still bears the Beta label for a reason. I don’t think they can be held liable considering its a Beta product and they patched the hole once they found it. If they knew about it but did nothing, that might have been a different story.

I agree with Joe on #3, put up a Donate via PayPal link. You’ve got a strong following here David, $1500 could very easily be cleared. And I’m sure that if the court process results in nailing this guy/chick (unlikely) you’d probably be able to recover the costs as part of the court’s ruling on damages.

The idiot posted to your blog. That means there is a new record out there of where he posted from. I live in Mississippi and would gladly help you get this guy. I have several lawyer friends versed in internet law in the country. This is ridiculous for him to say he is teaching you a lesson. Trying to get money from illegal actions is not teaching.
You’ve heard it all as I can see from reading this, but I would be glad to help.

Sorry for what happened, David. But thanks for the heads up on the Google Mail thing. I’m gonna go check my account settings ASAP. I wish I had some knowledge in these kind of situations so I could help you out, but I am as new to it as you are. Good luck with everything though. Hopefully that hacker gets what he deserves.

David,
I wish you luck with your legal proceedings. I hope you receive your domain back as well as adequate compensation to teach the evil doer a lesson. I think you should definitely pursue legal action against responsible parties until justice has been served. This kind of hacking is truly despicable. Thank you for alerting all of us of this potential “backdoor” for hackers, and while I cannot offer you any legal advice, good luck!
Rishi

I clued in a community I’m part of about your problem, it’s quite possible they may be contacting you soon with some helpful info. If nothing else, it’s quite possible a few of them may look into your little ‘friend.’ Sorry for your problems bud, but Merry Christmas and a happy New Year regardless.

This type of garbage really makes me mad. I say, take donations, get injunctions, get a hacker/detective to locate and ID the cracker, and press charges. In Florida, you can also apply for state restitution and the cracker will have to pay (eventually). If many reading donate $5 or $10, you’d have something to work with. I’d donate. Just keep us up on the details.

My business was taken by a con in 2000 in Tampa, Florida for $119,000. We did all the legal research ourselves, called Channel 8 (8 on your side) and they aired a 5-part investigative report on our case (very cool). After 20 years of this guy stealing about $1M per year from single mothers and retired people, he (the con) is now behind bars until 2015 (minimum) and it feels *real* good. I often think of all the people who have been spared the agony of what we went through now that he’s out of business.

1. don’t pay – but pretend to
2. collect all the evidence and go to the authorities, best where the ‘new’ ISP is located
3. file for being blackmailed & get an injunction against the ISP to provide you with the name of the hijacker.
4. if necessary, cooperate in a sting operation to nail the culprit. “follow the money”.
5. put this crook in the big house until he sees the error of his ways…

Hi, I’m a Canadian academic and hobbyist amateur web site builder. Like other commenters here, I’m absolutely horrified about what has happened to you. Please don’t pay the ransom. Please do get both the local police and FBI involved. If you put a donation button on your web site, I will contribute to your legal fight against the arsehole domain robber. Warmest wishes for better luck in 2008!

Sorry to hear about your problem. I posted a comment on the latest blog entry of Go Daddy’s CEO’s blog. I doubt it will make it through moderation but maybe your situation will get some attention from them. Some people have commented about Gmail being beta. How damn long is Gmail going to be in beta? It’s ridiculous. They need to focus on making Gmail better. After all, they are trying to get people to host their custom domain email with them. Yeah it is free but they shouldn’t offer the service if Gmail isn’t better than it is. I wish you the best of luck with your situation.

That’s utterly sucky, and I’m sorry to hear what happened. I emailed around to see if there’s anything that we could do to help, even though it sounds like it’s mostly an issue with the domain registrar now.

But I’ll still ask within Google if there’s anything that we can do to help, or at least to make it harder for something like this to happen in the future.

I just stumbled upon this page from Lifehacker. I really feel for you here. The Hotmail account of a good friend of mine was hacked almost two years ago, and some personal correspondence between me and my good friend that was found in the account by the hacker was twisted into something awful and was used to blackmail us for a rather large sum of money.

I totally agree with the suggestion to get the FBI involved. The FBI was a HUGE asset when we were blackmailed; they took care of everything for us. And, even better, seven months later, the little 22-year-old bastard from New Zealand was caught. Presumably he’s now behind bars. I know that government agencies get a bad rap a lot, but in my personal experience, they did a tremendous job.

It’s also true that the IP origination doesn’t mean crap. The IP that the emails from our guy came from was in Austria. He just proxied everything. The FBI would have more tools than us to track him down.

I admire your determination to not give into this guy. We never paid a penny, even though our reputations and everything that depended on them were at stake. I want to laugh at the people who say to just sue the guy, because you can’t sue someone when you don’t know who they are, but they just don’t know. Don’t buy back your domain from this person. Don’t give him a cent. Your faith that you will get it back legally and without throwing away your principles will get you through. If you get the proper authorities involved you won’t have to wait for the domain to expire or for him to give up or whatever other ideas are being discussed. Whatever you do, don’t give up anything to a criminal.

Hasn’t anyone but me actually noticed that the GoDaddy registration information for davidairey.com appears to have been changed, matching some of the info for the registration of davidairey.co.uk, and that the DNS info for “www.davidairey.com” and that for “www.davidairey.co.uk” are the same, now?

A whois lookup of davidairey.com shows that the domain registration information was changed, today (26Dec07).

David…give it a look-see, and see if you can, now, change/transfer it back where you want.

I feel sorry to learn that somebody has unethically taken over your domain. Chances are this fellow does not appreciate what he already has and instead of using it for good sake, it turns him into a criminal. Anyhow, good luck in your attempt to get back what belongs to you.

PS – I have checked and davidairey.com is set to redirect to this domain, davidairey.co.uk. You have got it back? If yes then, great! ;-)

Really sorry to hear about this whole mess, and for your troubles in India.
I am from India, and this makes me feel awful.

As Gary suggested in his comment, the police may view this as a criminal case, that will save you from the trouble of starting a civil case.

People, one of David’s big losses is the search engine ranking from losing his domain.
Maybe those of us visiting this blog can help him a little with that.
I know very little SEO, but if there are lots of links pointing to this co.uk domain with text ‘logo designer’, it may help him regain his ranking on search engines.

Offer to pay!! He will have to give you a method with which to pay, thus providing you more details (i.e. clues) and some level of a paper trail you can control. If he wants you to wire the payment he’ll have to give you a bank account, call the authorities and let them set him up. If he wants you to PayPal, let PayPal know you’re being extorted via their system from his account. If he wants you to mail him a cashiers check he’ll have to give you an address to send it to – call the authorities ’cause now he’s entering fraud via US Mail type territory. Any method of payment requested by him can eventually lead to his capture.

Good luck, and thanks for the GMail advice. I’ve forwarded this post to everyone in my address book with an @gmail addy.

David – I don’t know if this would help or not, but from what I saw, the davidairey.co.uk email address is being used for the Tech support AND Administrative contacts. Shouldn’t you be able to press a case, being the administrative contact? Or contact them through said email address to have everything transferred BACK over? I’ve seen it done that way before, but… I know GoDaddy is not precisely “kind” with their dealings, often. Just a thought, though.
(Reference – information read here: http://who.godaddy.com/WhoIsVerify.aspx?domain=davidairey.com&prog_id=godaddy )

David,
My respect goes to you for not succumbing to the hacker’s demand. I second Joe’s suggestions above (12/25) and you will get my support throughout your battle. Thanks for exposing this security flaw to us and good luck!

Sorry to hear about this David. I was offline for almost a month and I found out about this earlier today when I received your RSS feed via email. I hope you find a way to settle this thing and get your domain back. Let me know if there’s anything I can do to help. More power and God bless!

Btw, thanks for the warning regarding the security flaw in Gmail. I hope nobody gets victimized like this again.

Marc Hold said he had added a filter of “Matches: Forward to; Do this: Skip Inbox, Delete it” to protect himself. This will match any email with those two words in it (in any order) and delete it. I just checked my inbox and I have hundreds of mails with those two words, so I don’t think this is what you want.

I’m so very sorry to learn that you’ve been victimized in such a way. It would be bad enough for anyone to have their site and a huge chunk of their online identity stolen out from under them, but considering this is directly related to your business that makes it exponentially worse.

I wish you all the best of luck with getting this taken care of as quickly and inexpensively as possible.

David, you have been the victim of a crime and a very serious one. While you don’t know for sure that your thief is actually in the US, it is likely worthwhile to consult the appropriate US authorities. In addition to the initial “hack” it seems he is also attempting to extort you. Often you’ll find the FBI and the US Secret Service more responsive (and effective) than you’d think. Regardless of whether you get your domain back, they do like to make examples of small time hustlers like this.

I don’t know what the UK equivalent would be, but I would imagine it would be worth pursuing.

Did you get it back? I tried to look up the .com’s whois info, and it showed your e-mail address at the .co.uk as the contact. So I tried the site, and both the .com and the .co.uk are pointing to the same IP and both are working to reach your site.

I’m looking forward to the follow-up post explaining how you got it back.

I recently had a similar experience with Yahoo, when my ID I’d had for about a decade was hacked by a phisher just for the mail (which I never used) and left me without a p/w and a large number of interfacing rabbit warrens I’d accumulated over the years with that ID that are linked all over the internet. An old Geocities page. A 360. Groups I own/moderate. It is still a headache.

Their own Security team and I are in negotiations to get my account retrieved (from a person with a .ca address I can only assume is fake). It’s requiring a lot of faxing and personal information, but thankfully, no money, yet. I’d probably just have the server dump the ID and start over if it meant that; and believe me, as long as you have your contacts, you can reestablish your web presence if your old one is destroyed, many times better than before.

So chin up, I inherited a discussion group eight years ago that was lost in a DDOS with echonyc and had about a hundred members. Today it has over 1750 and is thriving. These people are a criminal annoyance. So sorry you had to experience this, particularly during your long-awaited holiday.

I know it may sound like heresy in this Google-loving time, but perhaps people will think twice before relying on GMail? Sure, free webmail accounts are convenient, but I wouldn’t bank my livelihood on one.

Do you have any credit cards that would give you access to a legal plan? My AmEx card periodically offers me the ability to buy into a $60/year legal plan that gives on the order of $50,000 of legal coverage or some such thing. I already have something similar through work, which is why I’m hazy on the details, but you might look to see if you have access to anything like that.

I’m sorry to hear what happened to you. And I do hope you can get things sorted. When I did a “who is” registrar check on the bebu.net domain it led me to http://www.privacyprotect.org/ being the domain registrar. They are seemingly located in the Netherlands and offer a contact form to get in touch with the individual domain owner.

This might be a long shot, but you might be lucky to hunt down the real person like this. I guess it wouldn’t hurt either. Another way is to go after their Google Adsense account which is advertised through their bebu site.

Contact Google and tell them what happened. They might be able to track the owner of the account down since they were the culprit in the first instance.

Regarding the suggestions of suing Google, that seems excessive to me. The fact that Gmail’s security was breached does not prove negligence or liability on Google’s part. (It would not surprise me if the Gmail beta never ends – they have no motivation to ever declare the product complete. Even if it wasn’t a beta, the fact that a lock can be picked doesn’t mean that the locksmiths of the world are liable for every burglary that involves a lockpick.)

Similarly, setting up a filter to delete emails that contain ‘Forward to’ will do nothing to prevent someone from setting up a filter that contains ‘Forward to’ – Filters are not the same as emails. (Those of us who remember the ‘good times virus’ may now chuckle.)
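The point above is worth making concrete: a Gmail filter only ever matches the text of incoming mail, so it can never catch a malicious filter, which lives in the account settings. The only way to find one is to inspect the filter list itself. Below is an added example (not code from the post or from any commenter) that audits the file Gmail produces under Settings > Filters > Export filters; it assumes that file’s Atom/XML shape, with one entry per filter and `apps:property` elements such as `forwardTo`, `shouldTrash` and `shouldArchive`. The sample export is constructed for this example, and the second filter in it is the pattern described in the post: match anything that mentions the domain, forward a copy to a stranger, and bin the original so the owner never sees it.

```python
"""Audit an exported Gmail filter file for rules that divert mail out of sight.

Added example, not from the original post. Assumes the Atom/XML layout of
Gmail's "Export filters" file; the sample below is constructed.
"""
import xml.etree.ElementTree as ET

ATOM = "{http://www.w3.org/2005/Atom}"
APPS = "{http://schemas.google.com/apps/2006}"

# Constructed sample: one benign filter, one of the kind the post describes.
SAMPLE_EXPORT = """<?xml version='1.0' encoding='UTF-8'?>
<feed xmlns='http://www.w3.org/2005/Atom'
      xmlns:apps='http://schemas.google.com/apps/2006'>
  <title>Mail Filters</title>
  <entry>
    <category term='filter'/>
    <title>Mail Filter</title>
    <apps:property name='from' value='news@example.org'/>
    <apps:property name='label' value='Newsletters'/>
    <apps:property name='shouldArchive' value='true'/>
  </entry>
  <entry>
    <category term='filter'/>
    <title>Mail Filter</title>
    <apps:property name='hasTheWord' value='domain OR transfer OR password'/>
    <apps:property name='forwardTo' value='attacker@example.net'/>
    <apps:property name='shouldTrash' value='true'/>
  </entry>
</feed>
"""

# Search criteria a filter can carry (as opposed to the actions it takes).
CRITERIA = {"from", "to", "subject", "hasTheWord", "doesNotHaveTheWord"}


def parse_filters(xml_text):
    """Return one {property_name: value} dict per <entry> in the export."""
    root = ET.fromstring(xml_text)
    return [
        {p.get("name"): p.get("value") for p in entry.iter(APPS + "property")}
        for entry in root.iter(ATOM + "entry")
    ]


def suspicious_filters(filters, trusted_forward_domains=()):
    """Flag filters that forward mail to an untrusted domain, or that forward
    it and then hide the original (trash/archive), which is the attack's signature.
    Returns the matching criteria and the reasons for each flagged filter."""
    findings = []
    for f in filters:
        reasons = []
        target = f.get("forwardTo")
        if target:
            domain = target.rsplit("@", 1)[-1].lower()
            if domain not in trusted_forward_domains:
                reasons.append(f"forwards to untrusted address {target}")
            if f.get("shouldTrash") == "true" or f.get("shouldArchive") == "true":
                reasons.append("forwarded copy is hidden from the inbox (trashed/archived)")
        if reasons:
            findings.append({
                "criteria": {k: v for k, v in f.items() if k in CRITERIA},
                "reasons": reasons,
            })
    return findings


if __name__ == "__main__":
    for finding in suspicious_filters(parse_filters(SAMPLE_EXPORT), ("example.org",)):
        print(finding["criteria"], "->", "; ".join(finding["reasons"]))
```

Run it against your own export rather than the sample, and treat any `forwardTo` you did not create yourself as a compromise, not a curiosity: the attacker in this story needed nothing more than that one rule to read the registrar’s transfer mails.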

Your best bet would be to go to Google and give a basic explanation and point them to this post. Also get this post posted up on sites like Digg, Slashdot, etc. Also, make sure these posts show up on Google’s search results for some relevant keywords.

Google has a huge infrastructure and a lot of information that most haven’t even seen. If they are willing to help you, which it would be in their best interest to do, they can at least help subsidize any legal costs needed to help.

Anything else would just take time. It’s unfortunate that it’s that easy to steal a domain name, but it relies on e-mail addresses, and people being very security aware. Good luck.

I take some solace in believing that hackers like this guy and the guys who write viruses will end up in a special hell standing in shit up to their necks or something. You are getting pretty good search rankings about this though. Hopefully someone comes up with a solution.

Hello David,
So sad to hear the sequence of events.. be strong.. don’t pay.. take legal action and don’t worry about the site people DO KNOW you! and most of these people are still plugged onto your blog!

Just heard about this disgusting crime on the Professional Image Creators forum

I am sure many of us are horrified that some bastard/s can be allowed to get away with this. I am not a web-expert which is why this is more worrying for those of us who aren’t, but my first thoughts are

a) Criminals can’t be trusted so who’s to say that once you paid ANY initial amount that it would ‘suddenly not be enough’ and further demands would arise.

b) ANY court action even when you are 100% in the right is rarely mostly about the money, but the tension, the loss of business time, the fear, the anxiety etc etc. The ONLY winners in court cases are the lawyers who are almost as criminal in their charges as this hijacker!! :-)) Having taken two sets of customers to court I would stay clear as much as possible. This is NOT letting this hijacker win. Not paying him means that he is still the loser, which in life he obviously is anyway! Winners are those with ethics and morals who have support of good family, friends, colleagues and clients, I guess this bastard has few of any!

Someone else suggested starting afresh. I think that’s what I’d do. You obviously have learnt a lot from all of this and it sounds like you knew how to get good site visitors anyway.

This is your least costly and perhaps most refreshing approach of all.

In the meantime, do any free counter attack you can. The publicity you are gaining from this incident is the best advertising you can get, I might even get you to do a logo!!! :-)) ALL PUBLICITY is good publicity. THANK the bastard by e-mail for giving you such a good business boost and let him know that when sufficient funds are in place from this increased business that you will hunt him down and finish him! (Bluff of course!!)

Wish I could help in other ways but you now have another whole forum aware of you and the dangers you have so expertly raised awareness of. Well done,

You should have “free process” to find and punish this criminal, who gave you all this trouble.

I read about your case in version2.dk – and you should be praised for your clean documentation of a problem, that could happen to anyone – especially those using Google-mail.

So I am grateful to you for sharing this information with me (and others), and I am really mad at this hi-jack-ass or whatever he should be labeled – and I am angry at Google, who has a responsibility to inform about this.

But most of all I am mad at society for not doing anything to get to the root of all this evil.

Of course you should report this to the police dept. in your town, and they should take further action without penalizing you for solving this common issue.

Good luck with your project and finally an advice: Stick to your simple domain name – it may be long, but your project is sound, and people will find you eventually.

I don’t have time to look through all the responses, so this may have been mentioned already. When you get back to the UK, try to get the police to work with you to track down the perpetrator. See whether they could follow the money if you took the perp’s offer to sell your domain back to you. If so, set up the transaction and let the police find him.

I’ve no experience with anything like this. Maybe the police won’t be interested in putting out much effort to catch someone basically stealing $650 from you. But it seems worth asking them to help catch the guy.

Make a blog post requesting all your friends write posts on the subject for a day or three and link to your site. Maybe someone or several people can post YouTube videos about the hack and your situation. If there is a big enough uproar in the blogosphere, maybe a national news channel will pick up on it. (Or many blogger friends can send in “news tips” to all the major national news sites.) If one national news agency picks up on the story, then they will all start to run with the story. If that happens, you can use the publicity to expose this hacker and warn others, and you just might get some Internet lawyer to help you out for free (publicity).

I know those are a lot of “if” but they certainly fall within the realm of possibility. So make a call out to all your blogger friends, that’s my advice.

David, my advice is this: Pay the $250 to the hacker. I believe Google will reimburse you in due time. It does you no good to talk about “moral” and “honesty”, when you talk to a criminal. The main thing is to minimize your own loss. If you walk into a criminal with a gun in his hands and he wants your money, then give it to him. It’s as simple as that.

Have you tried contacting DomainsByProxy who prohibit people who “Engage in morally objectionable activities, including but not limited to those which are child pornographic, defamatory, abusive, harassing, obscene, racist, or otherwise objectionable.”

I’d say hijacking and holding a domain was fairly objectionable, and as it’s them that holds the registration they should be able to terminate the account and arrange for the domain to be released… Just a thought.

This is a crime and should be reported to the FBI. You can report it by going to http://www.ic3.gov/ which is a division of the FBI that deals with internet crimes.

Also, to the person who suggested attacking the hacker’s IP address, that is a terrible idea. No hacker is stupid enough to do something like this from their home. If you attack that address all you will probably be doing is attacking some innocent coffee shop or public library.

This is horrifying. I’m not a reader of yours – I was directed here by a friend of a friend, but I applaud you for sticking to your principles and not giving into the hacker. I hope you get your domain back ASAP.

I’m very sorry to hear about your problem with your domain name.
I don’t know if it could be used as a hint in your fight, but:

Isn’t it supposed that you do the request for domain transfer through the web site of ICDSoft and then confirm it by email?
Check the procedure.
If I’m right they must cancel the transfer and do the negotiations with the company where the domain name is transferred.

ICDSoft is Bulgarian company and they failed me with my hosting account.
They forced me to move to another server.

I don’t recommend this company to anybody.
Their supporting team is amazing.
They are fast and helpful, but their department managers and policy suck BIG TIME.

1. If Google could fix the problem of traffic, and redirect your traffic to co.uk domain, that would be the awesome gift from them to you on this Christmas. I see it unlikely, but why not to give it a try.

2. Try gathering total expenses you would incur on your legal battle against this thief, and we would contribute to this cause. I am ready to send you paypal money right away right now as much as I can.

@Renata – it’s not just that America is a litigious culture. I mean, there are a lot of dumb lawsuits, but there are actually grounds to sue here (IANAL) and real damages to his income. This is what lawsuits are supposed to be for.

I had to take over the administration of a website that someone had designed for them years before, and the designer was out of the picture. I found that the domain registrar was helpful OVER THE PHONE, and it didn’t require swearing an affidavit or hiring a lawyer. I just had to provide a copy of my drivers license or passport and a letter explaining my relationship to the owner, and after a few days they handed over the admin password. Possibly an easy system to scam, but over the phone, sincerity is harder to fake. I think I also had to have an email from a hard domain, not yahoo or hotmail. Glad to hear it worked out for you. Remember there are still flesh-and-blood people running the show and they understand the shenanigans that can trip you up.

David.. this story is unreal, and absolutely frightening, but I think we can work together in doing something about this creep that jacked your domain and tried to sell it back to you. I run a forum called WickedFire.com and we are pretty well known for not letting scammers, fraudsters, and spammers get away with anything. If you’d like we can begin taking action by posting the guy’s information on our forum so that if he is ever looking for a job or a girlfriend, and someone does a search on any search engine, guess what they will find? ;) Our site is very well ranked in terms of authority, and the post/thread will remain on there forever, not to mention it will also outrank almost any other site about the guy. So we can ensure that he will be dubbed as a scammer for a very long time.

We’ve also got great connections within the domaining and online marketing/advertising industries, along with many security firms and ex-black hat hacker security guys. Instead of letting the registrars, the scammer, the system itself f*ck us all, let’s band together and take action! This story is something that people need to start reading and perhaps a way for all of us to further protect ourselves and our digital assets (and asses!) from crap like this happening on a much larger scale… which it will, and has. These types of XSS exploits have been around for a VERY long time, and when it affects tens of millions of users via Google Gmail of all things, holy crap, doesn’t that scare the sh*t out of everyone??!

Your story has definitely inspired me, so instead of sitting there and waving a white flag David, let’s take action together, and show people that when the right people band together we can be a lot tougher and noticeable in terms that they will have to deal with this issue. Whaddaya say David, wanna get that domain back or what? Email me, you have my info.

A lot of people have given legal advice. I thought I’d offer some technical advice to prevent this down the road instead.

In order for this hack to have worked, one of the following is true:
1) You had Gmail open when you went to the offending page (or closed it improperly so your Gmail cookie was still fresh).
2) You have the “Remember me on this computer” checkbox checked.

Both are security risks you shouldn’t be taking with your business email. If physical security to your system is not a concern, use POP if you want convenience. It’s a good idea with business email anyway, because you can then use your Gmail account as an online email backup. Otherwise, enter your username/password every time you check your email, and hit the “Sign Out” link before you do anything else. This particular hack won’t work regardless because Google patched it, but I guarantee there will be similar hacks down the road that these simple steps will protect you from.

This is a very serious reminder about the game of “us vs. them”. Crooks are always going to be more innovative than the cops, but the “cops” eventually do catch some of them.

I wonder if you might have considered contacting United States law enforcement? I would suggest contacting Florida’s FBI office and report the incident (with all the correspondence and other evidence) to their cybercrime division? THEY might suggest following the money and seeing who claims it. Of course, that isn’t very likely unless you’re a big-budget movie producer, but might be worth a shot?

I am not a lawyer in any country, but perhaps this is something your country’s police would handle and try to sue the scumwad Internationally for damages, etc. Certainly this was an exploit of a flaw, which is considered to be illegal, even if “everyone else was doing it”. Probably your best bet is to contact a local, tech-savvy, cybercrime lawyer for a broader spectrum of advice and options.

Personally, I would like to see you cause the little jerk as much grief or more than they caused you. I like to call it “inflicted karma” and have been known to go out of my way to keep ignorance as painful as possible. Then again, I’m turning into a mean old bastard yelling at kids to “get off my lawn!” (I don’t really, but… it keeps coming with my advancing age.)

Wow, I hope you get everything resolved quickly. It sounds like it was a huge vulnerability in GMail, to allow non-Google hosts to do HTTP posts to its servers. I wonder if there are enough victims to consider a class action lawsuit.

Lessons Learned:

* Use Firefox NoScript
* Always log out before visiting any other URL
* Don’t assume the big guys have done their security right.
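The two comments above describe the same mechanism from both sides: the attack needed an ambient Gmail session (hence “log out first”), and it worked because the server accepted a filter-creation POST from a non-Google page on the strength of the cookie alone (hence “allow non-Google hosts to do HTTP posts”). As an added example (not Google’s code, and not code from the post), here is a small model in Python of a “create filter” endpoint in both forms. The request shape, the session store and the `mail.example.com` origin are this example’s own. The vulnerable handler authenticates on the cookie; the hardened one also demands a per-session secret that only a same-origin page can read, with an Origin check layered on. Logging out defeats the forged request in both versions; the token defeats it even while you stay logged in.

```python
"""Cross-site request forgery against a 'create filter' endpoint, modelled.

Added example, not code from the post or from Google. Request dicts stand in
for HTTP requests; SESSIONS stands in for the server's session store.
"""
import hmac
import secrets

SITE_ORIGIN = "https://mail.example.com"   # assumed origin of the mail app
SESSIONS = {}   # session_id -> {"user", "csrf", "filters"}


def login(user):
    """Issue a session cookie value and a CSRF token bound to that session."""
    sid = secrets.token_hex(16)
    SESSIONS[sid] = {"user": user, "csrf": secrets.token_hex(16), "filters": []}
    return sid


def logout(sid):
    SESSIONS.pop(sid, None)


def create_filter_vulnerable(request):
    """Authenticates on the cookie alone. The browser attaches the cookie to a
    POST fired from any page, so a form on an attacker's site succeeds."""
    sess = SESSIONS.get(request["cookies"].get("sid"))
    if sess is None:
        return 401
    sess["filters"].append(request["form"])
    return 200


def create_filter_hardened(request):
    """Synchronizer token: the form must carry this session's secret, which a
    cross-origin page cannot read. Origin is checked as defence in depth."""
    sess = SESSIONS.get(request["cookies"].get("sid"))
    if sess is None:
        return 401
    if not hmac.compare_digest(request["form"].get("csrf", ""), sess["csrf"]):
        return 403
    origin = request["headers"].get("Origin")
    if origin is not None and origin != SITE_ORIGIN:
        return 403
    sess["filters"].append({k: v for k, v in request["form"].items() if k != "csrf"})
    return 200


def attacker_page_submit(sid):
    """What a hidden, auto-submitting form on a bait page sends: the victim's
    browser adds the cookie, but the attacker has no way to supply the token."""
    return {
        "cookies": {"sid": sid},
        "headers": {"Origin": "https://attacker.example"},
        "form": {"match": "transfer OR password",
                 "forwardTo": "attacker@example.net", "trash": "1"},
    }


def own_page_submit(sid):
    """A legitimate submission: the app rendered the token into its own form."""
    return {
        "cookies": {"sid": sid},
        "headers": {"Origin": SITE_ORIGIN},
        "form": {"match": "newsletter", "label": "News", "csrf": SESSIONS[sid]["csrf"]},
    }


def demo():
    """Returns the four status codes: forged vs vulnerable, forged vs hardened,
    legitimate vs hardened, forged vs vulnerable after logout."""
    sid = login("owner")
    forged_ok = create_filter_vulnerable(attacker_page_submit(sid))     # 200
    forged_blocked = create_filter_hardened(attacker_page_submit(sid))  # 403
    legit_ok = create_filter_hardened(own_page_submit(sid))             # 200
    logout(sid)
    after_logout = create_filter_vulnerable(attacker_page_submit(sid))  # 401
    return forged_ok, forged_blocked, legit_ok, after_logout


if __name__ == "__main__":
    print(demo())
```

The NoScript advice in the list above helps only when the bait page needs JavaScript to auto-submit; a plain HTML form with a user click gets the same cookie attached, so the real fix sits on the server, where the hardened handler lives.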

“1) In terms of liability, GOOGLE has it. Their vulnerability created the problem. I’m curious if they would pony up the fees for the dispute. Certainly it is in their interest to help you in any way they can. ”

This is just as much Google’s problem as it is Microsoft’s for allowing the cross-window browser attack used in this exploitation. Although it does suck you cannot place the blame on any one, except that “script kiddie”. BTW the IP address you list is a Tor exit point; he could very well be in Somalia!

While I am not a lawyer, and definitely not a US Lawyer, I believe that this individual in Fort Lauderdale has committed Wire Fraud (which is a Federal US crime) by emailing you. [This is to your advantage, as the Federal US court has jurisdiction in both Arizona (GoDaddy) and Fort Lauderdale.]

And you are looking at the problem from the wrong direction. It is not a case of name preemption that would be dealt with by WIPO, but an actual case of criminal fraud. You only need a court injunction from the geographic jurisdiction of the domain name registrar (this will be a lot cheaper than a WIPO case). The nice thing is that, if I am in fact correct in my beliefs, they must appear in court in person to contest the injunction/case.

You really need to contact someone with knowledge of the appropriate laws of the court that has jurisdiction in this matter (which will be the geographic location of the registrar now holding the registration [GoDaddy =>Arizona]) as to whether a prosecutable criminal case has occurred, or failing that your ability to commence a civil case (the first step of which is to gain an injunction to prevent the transfer of the domain name out of the jurisdiction of the court).

The disadvantage of this sort of extortion scheme is that there is a specific court that has jurisdiction because you know the physical location of the primary registration.

David, sorry for your troubles. My knowledge of such things is nil, but if the IP is in Ft Lauderdale, does that mean the perp is there? If so, you might want to contact the US Attorney’s office in the Ft Lauderdale area and see if they’re interested in pursuing criminal charges. They may be able to get info by warrant that would be hard for you to get.

A really very interesting sequence and a nice way to handle the same. Congrats for winning it back!
Really, enjoyed the blog.
One more thing: This page was recommended to me by Google recommendation gadgets on my Google homepage.
Thanks for the fighting blog!

I’m very happy to see in the updates to this post that you appear to have gotten your domain name back. This is the first day I’ve read your story and was referred here from a Google Gadget. In a small way, I had a similar lost domain experience. My brother and father purchased a domain and let it expire after a year without renewing it. I looked to contact the new owner and they wanted $900USD. Nevermind, I thought, but then I checked the domain a few weeks later and it turns out that the domain squatter had purchased it with a bad credit card. When the registration was canceled I grabbed it..

You don’t follow one illegal act with a number of others, simple as that. Besides, what’s to say that our “friend” wasn’t simply using a hacked machine to make the transfer request from? It is possible, you know.

Without solid evidence attaching him to that specific IP, getting law enforcement involved won’t do much good – whose jurisdiction would it be? – and a lot of organizations won’t touch something without solid proof of jurisdiction.

Glad to hear that you got your domain back, BTW – might be worth a shot at trying to find a hosting provider and a registrar that use multiple authentication items to determine that you are you before allowing something like this to happen.

I’m thinking the date the attack took place is a significant piece of information. It was precisely the date you would leave your web site unattended for a period of one month. You reported that you’d contacted a number of people about your plans. My guess is that within that circle you might find the culprit, — or abetter, at the very least.

It’s not easy to pinpoint physical locations of attackers. The physical location in Iran may just be the location of a zombie server.

One other thing worth adding here is that the mechanisms of domain name registrars are highly automated. The transfer process is totally automated. No human intervention is involved. It’s not a happy arrangement for those who expect unequivocal authentication of requests.

On my forensics site I use a private email address for correspondence to my domain support company. I do not use a public email address like Msn, Gmail, Hotmail, etc. I have been using hushmail for all actions like locking/unlocking a domain. Plus hushmail can be encrypted and has safe guards against anyone hi-jacking your email address. I inform my domain keepers that this is the only email that can be accepted by them pertaining to any change for my domains. Also my domain cannot be changed just by email as I have to personally go in and lock or unlock it after notifying them. By having this 2-step process it makes it quite hard for a pirate or hacker to get hold of your site.
You also need to lock and encrypt certain areas of your site so no one can gain access to it even if they do unlock it. One way of doing this is to have a verifying of your IP when anything is submitted to change anything on the site. If the IP does not match no changes can be made even by your domain provider without your permission. And, your support domain should not just accept email as an authorization to unlock your site. You should have to sign in and authorize the change yourself. It is just way too easy today to clone an email addy and I consider this also very bad security by your domain support.
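The two-step scheme in that comment (keep the domain locked; unlock only from an authenticated session on a known IP; never treat an e-mail as authorization) is the control that would have stopped this particular theft, since the attacker only ever held the mailbox. As an added example (not the commenter’s setup, and not any registrar’s real API), here is that scheme modelled in Python: changes are refused while the registrar lock is on, the unlock and the change request both require the owner’s principal from an allowed network, every change needs a one-time confirmation code delivered out of band, and the domain re-locks itself afterwards. Names, statuses, addresses and the 10-minute window are this example’s own choices.

```python
"""Registrar change authorization that does not trust e-mail.

Added example, not a real registrar's system. Models: registrar lock on by
default, owner + allowed source network to unlock or request a change,
one-time out-of-band code to confirm, automatic re-lock after a change.
"""
import hmac
import ipaddress
import secrets
import time

CONFIRM_WINDOW = 600   # seconds a pending change stays confirmable (assumed)


class Registrar:
    def __init__(self):
        self.domains = {}   # name -> record
        self.pending = {}   # request_id -> (name, new_ns, code, expires_at)

    def register(self, name, owner, allowed_cidrs):
        self.domains[name] = {
            "owner": owner,
            "locked": True,                                   # lock on by default
            "allowed": [ipaddress.ip_network(c) for c in allowed_cidrs],
            "ns": ["ns1.oldhost.example"],
        }

    def _authorized(self, name, principal, source_ip):
        """Owner identity AND an allowed source network; e-mail plays no part."""
        d = self.domains[name]
        ip = ipaddress.ip_address(source_ip)
        return principal == d["owner"] and any(ip in net for net in d["allowed"])

    def unlock(self, name, principal, source_ip):
        if not self._authorized(name, principal, source_ip):
            return False
        self.domains[name]["locked"] = False
        return True

    def request_change(self, name, principal, source_ip, new_ns, now=None):
        """Step 1: refused while locked or unauthorized. Otherwise returns
        (request_id, code); the code is what would go out of band (SMS, post)."""
        d = self.domains[name]
        if d["locked"] or not self._authorized(name, principal, source_ip):
            return None
        rid = secrets.token_hex(8)
        code = f"{secrets.randbelow(10**6):06d}"
        self.pending[rid] = (name, new_ns, code, (now or time.time()) + CONFIRM_WINDOW)
        return rid, code

    def confirm_change(self, rid, code, now=None):
        """Step 2: apply only with the right code inside the window, then re-lock.
        The request is single use: a wrong code voids it."""
        entry = self.pending.pop(rid, None)
        if entry is None:
            return False
        name, new_ns, expected, expires_at = entry
        if (now or time.time()) > expires_at or not hmac.compare_digest(code, expected):
            return False
        self.domains[name]["ns"] = new_ns
        self.domains[name]["locked"] = True
        return True

    def inbound_email_request(self, name, from_addr, new_ns):
        """An e-mail asking for a change is logged and ignored, whoever sent it."""
        return {"domain": name, "from": from_addr, "requested_ns": new_ns,
                "action": "ignored", "reason": "e-mail is not an authorization channel"}


if __name__ == "__main__":
    r = Registrar()
    r.register("example.com", "owner", ["203.0.113.0/24"])
    print(r.inbound_email_request("example.com", "owner@example.com", ["ns1.x.example"]))
    r.unlock("example.com", "owner", "203.0.113.5")
    rid, code = r.request_change("example.com", "owner", "203.0.113.5", ["ns1.newhost.example"])
    print(r.confirm_change(rid, code), r.domains["example.com"])
```

Most registrars expose the first half of this as “registrar lock” or “transfer lock”; turning it on costs nothing and means a stolen mailbox alone cannot move the domain.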

I was searching Google for a similar Gmail issue when I came across your post. Man, your experience is indeed scary…but I am glad to know that you got your domain back. I learned a lot from your post and I hope you don’t mind if I link your blog in one of my posts. cheers!

480 odd comments, wow now this would help you regain in popularity hey???

It’s good to see everything back to normal, kinda sucky especially over in India and around Christmas. You going to post about India as well??? Including any inspiration from the area? I got some from when I went to Malaysia.

David, I think it’s obvious that this fiasco has come to you as a blessing. Logo design may be your bread and butter, but honestly, I think you could easily stretch out the characters and settings, throw in some political spin, and wrap it up in a social commentary pitting technophobes vs. technophiles… and it might come out as an award-winning novel or screenplay. As I write this, I realize I’m not kidding… :)

I agree… don’t worry about your pagerank. Your issue has driven so many comments, I’m sure your traffic has sky-rocketed. Very interesting story though… I think a severe beating of this hacker-idiot is in order… lol. Buy the domain back, then get the billing details, etc.… file suit after you have your domain, for every last penny.

Meanwhile… keep your readers up-to-date with your experiences trying to resolve the issue. I’m sure everyone here is interested to know what comes of this… This alone will be a huge traffic engine as well, making you the winner at all levels… You’ll have the last laugh.

That’s outrageous – I would be SO angry. You did the right thing by not giving in to his demands. You should be relentless in tracking him down, you will acquire so much support on the way. How DARE he. By the way, I know that broken English anywhere, and I bet you whatever you like that he is Chinese. I have a Chinese colleague and this is EXACTLY, word for word, how he would phrase something. And that’s no slur on Chinese people, please believe me.

I just thought I’d give you a heads up. The IP in question (207.36.162.100) is owned by Cybergate, which appears to be a home ISP and not a proxy. This is good. You should be able to contact Cybergate, or get your lawyers to contact Cybergate. So you should be able to approach the idiot in this manner.

You seem to have the correct contact information for Cybergate. I wish you the best, and I hope you tear that sucker into tiny little pieces.

If it makes you feel any better, bro… about 6 months ago GoDaddy was selling .info names for like 1.99, so I bought a few hundred. One of them was davidairey.info, and if you get in a pickle like this again, I would be honored to sell you that domain for, say, 49 cents… and don’t be tryin’ ta lowball me either… that price is FIRM!

I admire that you have the courage to stand your ground, and my wishes to you for the fight you have in hand.
On the same note, my apologies to you for the unruly behavior of that Indian youth.
And in case you know his whereabouts, let me know. I guess I can fix this issue (bug), or at least make sure that he doesn’t behave the same way with others.
And good luck with your fight.

Dude, that’s a nightmare. I’m so sorry for what you have gone through. I use a GMail account for my blog, so I would be devastated if that happened to me. Still, I commend you for sticking up to that dirty hacker and not paying the ransom.

I wish you the best of luck, man! You seem like a nice guy and I think you deserve much better! And I also wanna thank you for putting up the “FAQ” on how to check your own Gmail settings. I feel a lot more secure now =D

BTW, I found this blog post through StumbleUpon, so more and more people will find this post and they will probably check their Gmail settings as well. Yet again, thanks for the info on the Gmail settings, and good luck to you!

Kudos to you for sticking to what you believe in. Do a WHOIS on that IP, find the ISP and write an email to the complaints department, stating that if no action is taken, they will be reported to the appropriate authorities; this will scare the pants off them. I had the same trouble, but the email was for unimportant emails. Unfortunately the IP was located in China, and the ISP did not want anything to do with me. After the little arse sent abusive emails to my friends and family, whose addresses he/she had found in my inbox, I got irate: time to fight fire with fire. For a while when I was in college I learnt network security, and my tutor taught me how to hack to piss someone off. Luckily for me the person left his/her machine unlocked and had the remote desktop utility running, so I promptly left a batch script (which is childish) in his/her startup folder. This script (when they restart the computer and log on) would bring up a message in Notepad saying “Nice try, But you luck has run out, dont try this again.” After 30 secs of that, the batch script promptly deleted all of the c:/windows files.

I’ve had no trouble from that person since. That is the first time I hacked (not really hacked, because it was open) a system, and I felt very unpleased. I don’t like to invade, nor do I want to do it anymore (because it could get me sacked from work). But sometimes doing the same to a person can show them what it’s like.
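Two comments above (the one naming the IP’s owner and the one just above suggesting a WHOIS on the IP to find the ISP’s complaints department) both rest on the same step: read the WHOIS record for an address and pull out who holds the block and where abuse reports go. The example below is an added one, not from the post or any commenter, and it does not use the IP mentioned above: the two records are constructed for the 203.0.113.0/24 documentation range with a fictional ISP. It handles the two layouts you actually meet, ARIN’s `OrgAbuseEmail:` style and the RIPE/APNIC style with `abuse-mailbox:` and a `% Abuse contact for …` comment line, and includes a plain TCP/43 client for live lookups that the offline demo does not call.

```python
"""Pull the abuse contact and block holder out of a WHOIS record (added example)."""
import re
import socket
from typing import Dict, List, Optional

# Constructed sample records (TEST-NET-3 range, fictional ISP); not real WHOIS data.
SAMPLE_ARIN = """\
NetRange:       203.0.113.0 - 203.0.113.255
CIDR:           203.0.113.0/24
NetName:        EXAMPLE-ISP-NET
NetType:        Direct Allocation
OrgName:        Example Home ISP, Inc.
OrgId:          EXISP
RegDate:        2005-03-01

OrgAbuseHandle: EXABUSE-ARIN
OrgAbuseName:   Abuse Desk
OrgAbusePhone:  +1-555-0100
OrgAbuseEmail:  abuse@example-isp.net
OrgTechEmail:   noc@example-isp.net
"""

SAMPLE_RIPE = """\
% Abuse contact for '203.0.113.0 - 203.0.113.255' is 'abuse@example-isp.net'

inetnum:        203.0.113.0 - 203.0.113.255
netname:        EXAMPLE-ISP-NET
descr:          Example Home ISP broadband pool
country:        XX
admin-c:        EXA1-TEST
abuse-c:        EXAB1-TEST

role:           Example Abuse Desk
abuse-mailbox:  abuse@example-isp.net
e-mail:         noc@example-isp.net
"""

FIELD_RE = re.compile(r"^\s*([A-Za-z][\w-]*):\s*(.+?)\s*$", re.M)
COMMENT_ABUSE_RE = re.compile(r"^%\s*Abuse contact for .* is '([^']+@[^']+)'", re.M)
EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")
ABUSE_KEYS = ("orgabuseemail", "abuse-mailbox")   # ARIN; RIPE/APNIC/AFRINIC/LACNIC
OWNER_KEYS = ("orgname", "org-name", "owner", "descr", "netname")


def parse_whois(text: str) -> Dict[str, List[str]]:
    """Collect 'key: value' lines, lower-casing keys; repeated keys keep every value."""
    fields: Dict[str, List[str]] = {}
    for key, value in FIELD_RE.findall(text):
        fields.setdefault(key.lower(), []).append(value)
    return fields


def abuse_contacts(text: str) -> List[str]:
    """Abuse mailbox(es) named in the record, in order of appearance, de-duplicated."""
    found: List[str] = list(COMMENT_ABUSE_RE.findall(text))
    fields = parse_whois(text)
    for key in ABUSE_KEYS:
        for value in fields.get(key, []):
            found.extend(EMAIL_RE.findall(value))
    if not found:
        # Last resort for odd layouts: any address whose local part is 'abuse'.
        found = [e for e in EMAIL_RE.findall(text) if e.lower().startswith("abuse@")]
    seen = set()
    unique: List[str] = []
    for addr in found:
        if addr.lower() not in seen:
            seen.add(addr.lower())
            unique.append(addr)
    return unique


def network_owner(text: str) -> Optional[str]:
    """Best available name for who holds the block."""
    fields = parse_whois(text)
    for key in OWNER_KEYS:
        if fields.get(key):
            return fields[key][0]
    return None


def whois_query(query: str, server: str, timeout: float = 10.0) -> str:
    """Raw WHOIS over TCP/43 (not used by the offline demo). ARIN, for example,
    answers 'n <ip>' with the network record, or refers you to another registry."""
    with socket.create_connection((server, 43), timeout=timeout) as sock:
        sock.sendall((query + "\r\n").encode("ascii"))
        chunks = []
        while True:
            data = sock.recv(4096)
            if not data:
                break
            chunks.append(data)
    return b"".join(chunks).decode("utf-8", "replace")


if __name__ == "__main__":
    for name, record in (("ARIN-style", SAMPLE_ARIN), ("RIPE-style", SAMPLE_RIPE)):
        print(name, "->", network_owner(record), abuse_contacts(record))
```

For a live lookup, `whois_query("n 203.0.113.5", "whois.arin.net")` returns the text to feed into `abuse_contacts`; if ARIN’s answer says the range is managed by another registry, repeat the query against that registry’s server before trusting the contact you extract.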

Just ran across your site, from a trackback in tumblr.com – and immediately checked my GMail account. Nothing there, thank goodness, but I’ll be checking out all my settings now!

I hate hackers! With all the work we put into our websites, there should be a better way to keep our domains protected!

You’re right about not paying him or her a dime. Collect all your info, file a court order, contact the FBI, WHOIS, get a lawyer to contact this dirtbag – hell, do everything possible to stop this jackass!

Posting this to my sites – The more who know about this, the more support you’ll have – Keep your chin up and fight back!

Hi David. I was doing some research on domains and came across this post.

The part about Gmail freaked me out! It is a good call to stick to your principles and not pay the hacker. You’re right that if you tolerated it and paid him, he just might do it again to you or others. Now that you won’t buy the domain back, it is worthless to him.

Thank you for sharing this experience with all of us… especially to amateurs like me. :)

What a terrible story! And I hadn’t heard of the Gmail exploit actually. I hope that by dealing with this the great way that you did, you get what you deserve: a ton more traffic and business than you would have gotten without it! And I hope the thief gets what he has coming to him. Thanks for sharing. PS, you can get a legal document to get their real contact information. Once the proxy has been served with legal papers, the domain owner must give appropriate contact information. Consult a lawyer for it – I’m sure you could at least get that part going. Best of luck!

It’s good that the Gmail script vulnerability has been fixed, but this kind of thing will just happen again and again. I just decided this past week to start having all my domains forwarded to my Gmail account; now I’m wondering… if I should have an e-mail account dedicated to sensitive issues — registry, hosting, banking, credit card… Furthermore, I’d have to check it with only the one page loaded, no other sites open, or use a POP client… The problem with this is having to remember to check the extra account.

(Much ado about nothing.) Your self-pride at not wanting to give the thief any money is in your way. See now how much the cost will be to you to go to court. Pay him his small amount and engineer the whole matter to trick him out of the spoils. He will certainly take pleasure that the cost is so high to you. Don’t let your emotion dictate. Use your considerable mental ability unencumbered by personal pride. You can do this without having to go to court. Give him a relative pittance and be done with it. Self-pride is the enemy of success. Use your mind rather than being your own enemy. —Good luck— Doug Rosbury

David – you mention in the post about having to re-link all your images, as you were using absolute paths to them as opposed to relative paths. I am trying to figure out how to do the same, but when I place images in the images folder at the top-level directory (so http://www.domain.com/images/image1.jpg would just become images/image1.jpg) the WordPress pages cannot find them – am I doing something wrong?

Not sure why the WordPress pages don’t find your cropped image addresses. However, one thing to bear in mind (which is quite important) is that search engines can’t store your files unless you use the full address. Therefore, you can rule out any additional traffic from Google image searches etc.
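The question and answer above turn on how a browser resolves a link. A reference without a leading slash, such as `images/image1.jpg`, is resolved against the page it appears on, so inside a WordPress permalink like `/2007/12/my-post/` the browser asks for `/2007/12/my-post/images/image1.jpg`, which does not exist. A root-relative path, `/images/image1.jpg`, resolves to the site root from any page, and, unlike a full `http://www.domain.com/...` address, keeps working if the site has to move to a different domain name. The example below is added here and is not code from the post or from WordPress; the host name `www.domain.com` is the one used in the question, and the page path and HTML fragment are constructed. It shows both resolutions and a rewriter that turns absolute links on your own host into root-relative ones while leaving links to other sites alone.

```python
"""Link resolution and absolute-to-root-relative rewriting (added example)."""
import re
from typing import Iterable
from urllib.parse import urljoin, urlsplit

OWN_HOSTS = ("www.domain.com", "domain.com")   # host from the question above

# Constructed fragment of a post as WordPress might serve it.
SAMPLE_HTML = (
    '<p><img src="http://www.domain.com/images/image1.jpg" alt="logo"> '
    '<a href="http://www.domain.com/about/">About</a> '
    '<a href="http://other.example/page">elsewhere</a> '
    "<img src='https://domain.com/images/2.png?v=3'></p>"
)


def resolve(page_url: str, reference: str) -> str:
    """Resolve a link the way a browser does (RFC 3986 reference resolution)."""
    return urljoin(page_url, reference)


def make_root_relative(html: str, own_hosts: Iterable[str] = OWN_HOSTS) -> str:
    """Rewrite src/href values on our own host(s) to root-relative paths ('/images/...').
    Links to other hosts are left untouched."""
    hosts = {h.lower() for h in own_hosts}
    attr_re = re.compile(r"""(\b(?:src|href)\s*=\s*)(["'])(.*?)\2""", re.I | re.S)

    def fix(match: "re.Match[str]") -> str:
        prefix, quote, url = match.groups()
        parts = urlsplit(url)
        if parts.scheme.lower() not in ("http", "https") or parts.netloc.lower() not in hosts:
            return match.group(0)          # external link, or already relative: keep as-is
        new = parts.path or "/"
        if parts.query:
            new += "?" + parts.query
        if parts.fragment:
            new += "#" + parts.fragment
        return f"{prefix}{quote}{new}{quote}"

    return attr_re.sub(fix, html)


if __name__ == "__main__":
    page = "http://www.domain.com/2007/12/my-post/"
    print(resolve(page, "images/image1.jpg"))    # page-relative: lands under the post
    print(resolve(page, "/images/image1.jpg"))   # root-relative: lands at the site root
    print(make_root_relative(SAMPLE_HTML))
```

Run the rewriter over exported post content before re-importing it, and check the result in a browser: anything that still points at the old host name is a link the regex did not see (for instance a URL built in JavaScript or CSS), and those need the same treatment by hand.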

Your site crops up in just about every “best of” list in the designer world… your heart must have sunk at the prospect of fixing all those links. I really feel for you; it’s no different in my mind to personal assault or burglary.

I’m actually doing a search on behalf of an associate who’s currently feeling the same sense of bewilderment, shock and anger at having her business identity and reputation pirated.

Many designers blog about having their designs stolen and their sites hacked but I’m not finding much to help my friend. Briefly, she answered an advertisement offering a reciprocal advert link on a site offering resources to her target audience. She gave information about her business in confidence and the links were established. All was well until she discovered the site owner had registered a domain name almost exactly like hers and set up a similar website offering the same services. Not an exact copy, but it’s pretty certain he’s trading on her well-established reputation in a niche market.

The big question is: how do you quantify lost revenue when someone hijacks your domain or creates a site that’s almost exactly the same? It’s very hard to prove that your business has suffered a loss of visitors to your site – or that the loss has resulted in a reduction in income.

In your case, it’s much more cut-and-dried: someone hacked into your emails and stole your domain. In my friend’s case she hasn’t had anything stolen as such. She gave the perp access to her business information in confidence and good faith and he hasn’t actually hacked anything. However, he’s profiting from her IP and reputation by capturing some of her target audience.

Any thoughts on how she should proceed would be much appreciated. Please keep blogging about this subject – it helps everyone similarly affected. Now I’m going to check my gmail settings. Yikes.

I was doing research for a client (and became side-tracked) when I came across your article… I felt your pain and frustration in your every thought and move. Then when I reached the part where they were in FL, I was ready to run down there to help out till I realized the domain name at the top of the page I was reading, lol. Your story is a real eye-opener. Thank you for sharing. I love your site, your work, and appreciate the time taken to keep it up. (Now I feel the pressure to update my site, lol).

Nice post. Thanks for putting it up. I’m sorry this happened to you. Under a Google search for “gmail security” you came up number one. I ran into a different problem. I just got a spam to a Gmail that had my real name and address. I want to know who linked them and how. Do you have any idea? Please email me if you do.

For one, if you’re using Gmail mail services to send ANY information OR receive it and you feel it’s private, you’re defeating your own purpose. When you sign up for Gmail you give Google the ultimate right to ANY content of ANY email. You also assign the rights to any information contained in those emails.

So, while it’s still a really crappy issue that it happened, your data was never protected to begin with.

Thank you for the heads up. I am glad to have the information and hope it all works out. It seems that the more of us who know, the better we are positioned to stop this crap. Strength in numbers and knowledge!

Hi David,
My Gmail was hacked last night by someone stalking me and my fiance online. When I tried to retrieve the password, I could not… so I wrote to Google after filling out their security form and they told me that based on the information that I gave them they could not restore my account.

I opened this Gmail account the day that Google started their e-mail feature and have used this account for all of my bill paying and banking… I was devastated when I got such an automated e-mail over an incredibly sensitive situation… I feel violated and my livelihood has been compromised, as this person/hacker used my Gmail account to commandeer 7 other accounts in my name… I just don’t know what to do.
Does anyone have suggestions?

Kelly,
I had a similar experience with Gmail (http://blogoscoped.com/archive/2007-11-22-n35.html). I never got any sympathy or help from Google. Just a big brick wall.
I just learned that I should never rely on one service for all of my needs. I also learned the hard way the definition of “You get what you pay for.” I hate to see other people learning that same lesson.
I do want to advise people to document everything they can regarding any online account that you find important. Save all e-mails regarding opening an account. Take screenshots of the inbox, account settings, filters, etc.
Good luck & Take Care,
E.

1) You STILL have no proof a flaw in Gmail was the reason? Chances are you did something dumb like use the same password everywhere as your email password, so when those sites got hacked, you got owned. You guys need to accept responsibility for your security practices.

2) You accuse Google instantly. Yet, NO PROOF! Of course they will treat you like an idiot. Anyone would treat you like an idiot if you blame someone else without determining if your actions may have facilitated it.

3) Frankly, the IQ of the Digg crowd has been dropping lower and lower. Like the Firefox “bug” in Linux… Everyone on Digg made a big deal. IT WAS A BETA VERSION!!!

Here’s some homework for you guys:
1) Make sure your passwords are different between your email, and other sites
2) Don’t use lame browsers like Safari, which seem to have an aura of penetrability +10
3) Stop jumping to conclusions. Just because the front door is unlocked doesn’t mean someone else broke in. It means that you probably left it open.

Just because Google had a security flaw doesn’t mean that’s how someone broke in. It probably means they captured your password an easier way!

I reiterate, you guys are idiots. If you guys got hacked, it’s probably because you have yourselves to blame. In fact, in high school, a mate’s account was accidentally broken into whilst joking around, because their secret question was “why”… The answer was “because”. That doesn’t mean it’s Hotmail’s fault, it’s his own fault.

Learn to accept responsibility. Gmail’s flaw lasted barely a few hours. I heard some of the lamest excuses whilst working at an Apple centre. And this story is no different.

After what you went through it’s surprising to me you still use the same host. Their lack of security is partially why your domain was transferred out. Although it’s true you should never use a free email service for sending/receiving important information. Whatever you use for important emails make sure they are on top of security.

It’s also surprising to me you are using GoDaddy; they pretty much told you to GFY until your story became well known. It’s funny how crappy companies suddenly help people when they bring their problems out in the open for all to see. Also, as far as I know GoDaddy doesn’t offer any real protection against domain theft; I’ve heard of plenty of people getting their domains stolen from them too.

There are registrars out there that do offer real protection and talk to you over the phone to make sure you are who you say you are before letting you transfer your domain. One of those registrars that offer that kind of service would be Moniker.com.

It also looks like you don’t have a dedicated server either. I’m guessing you make a living with your site and designs but won’t pay 100 or so bucks a month for a managed dedicated server at a good host? That’s just asking for all sorts of trouble with your site. If you don’t know where to find a good host, ask around at webhostingtalk.com.
Just to name a few, softlayer.com, liquidweb.com and wiredtree.com are all great hosts that offer managed servers that will keep your server software up to date; they also know what they are doing when it comes to security.

After you brought this thief (cracker) so much attention he’s probably not happy with you. The last thing you should do is leave yourself open to more vulnerabilities for him to come back and screw you over again just out of spite.

I actually found ICDSoft to be very helpful when trying to recover my domain. Sure, their system for transferring information could be more secure, but I believe there was more of a self-created security threat.

With that said, it sounds like you know more than I about the more secure web hosts and domain registrars, and I’ll be looking around following your suggestions. Thanks.

Hi David,
The problem is once it’s transferred there’s nothing they can do. Support tickets can “sometimes” be opened with hosts via email, so if the cracker got into your email they could do a lot of bad things just by emailing your host or registrar.

From what you said, the system they use for transferring domains is what a lot of hosts/registrars use. Hardly any of them have great security when it comes to domain theft.

Most servers are hacked/cracked through out-dated software. To be safe you might want to check that your host updates all the software (Apache, PHP etc.) when updates are released.

As for virtual hosts, if you share hosting with others, one person could cause the whole server to go down or even get other accounts hacked on that server. That’s why it’s better to have a fully managed dedicated server from a good, well-known host. You need them to have the knowledge for secure server hardening if your website is important to you. I’ve used some hosts that were really nice to me but didn’t have a clue when it came to security.

A good host will keep all the software on the server up to date; that’s the main reason servers are hacked these days, most web hosts are managed by slackers who don’t update the server software quickly enough.

I know your server didn’t get hacked in this situation here but if your domain is secure that’s likely what the crack